IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#i2p-dev
/2023/09/11
dr|z3d zzz: no, not seeing that error on a router with 4 days uptime, ipv4/6 enabled.
zzz ok, thanks
dr|z3d it's got a vaguely familiar smell to it, so I may have seen it before. but it's not coming up on the router I'm looking at. error class logs are persistent in the console, so I'd see it if it was there.
dr|z3d unsupported address could be either yggdrasil or localhost?
dr|z3d actually, I think I may have been seeing that error, one sec. I downgraded it from ERROR to WARN.
dr|z3d yeah, not in the logs, they're only configured on that box for errors, but the fact I downgraded that error a while back suggests I was seeing it frequently enough.
dr|z3d Seeing a bunch of warnings about no peers, despite having plenty: "No peers to put in the new tunnel! selectPeers returned null.. boo! hiss!"
dr|z3d actually, disregard that.
dr|z3d Plenty of "Received CORRUPT SessionConfirmed" on that router, though, at a rate of approx 1/s it looks like.
zzz I was just looking for a reproduction of my issue, not looking to help you fix all the warnings in your log... :)
obscuratus zzz: I'm seeing that error, but it came during a fairly narrow window.
zzz if it were me, I'd file a ticket before changing an error to a warn, but you do you :)
zzz my rate is 10/week
zzz does nobody file tickets anymore?
dr|z3d you do, apparently :)
obscuratus I don't see any "Error in the estabisher" errors on my testing network.
dr|z3d I figured invalid address was a reference to either localhost or possibly yggdrasil, didn't think the issue was serious enough to merit ERROR class which, as I've just said, now remains persistent in the console for +. No sense worrying the user unduly.
obscuratus zzz: I had to snicker at #417. I had explainations for that in my commits, but the GitLab merges just kind of discarded that.
zzz well, I assigned it to myself to investigate, doesn't look right
dr|z3d I vaguely recall consulting java docs to get a better idea of what was causing the error, and iirc, localhost was suggested as the prime suspect.
zzz I'm glad idk did squash because it's better than 168 revs going back 3 months imho
zzz obscuratus, I'm sure there was a reason, so please comment in the ticket
zzz imho there needs to be damn good reasons to break the API (see #402)
zzz if 417 is funny it's the only one...
orignal I want your opinion if it's a good idea or you might have something better in mind
orignal about "writing up" you know me ))
dr|z3d it's a relatively simple proposal, orignal, shouldn't take more than 5m to sketch it out in a document.
zzz well...
zzz I'm not sure the attack is very worrisome... maybe yes, maybe not. I've also forgotten a lot of the discussion. So for now... "maybe"
zzz for the solution, there's lots of ways to do it, there are backward-compatibility issues possibly. Do we need a flag? Could we just change some HKDF to include the hash in the calculation rather than putting the actual hash in the handshake?
zzz should the protocol change be in the SessionRequest where bob checks it, or in the SessionReply where alice checks it?
zzz so the answer for your proposed solution is also "maybe"
dr|z3d I think the attack is probably more severe than you give it credit for.
dr|z3d Or maybe I'm thinking of a parallel attack where a router spoofs another router's id. I can't remember. What I do recall is seeing a ton of routers all claiming to be me.
zzz sure, just saying I don't remember the details and somebody needs to write it down what we're trying to do
dr|z3d I don't disagree, it's been long enough that the details are a little hazy here, too.
zzz and if anybody is trying to trick me into writing the proposal it's not going to work :)
dr|z3d you and your trickery paranoia *chuckle*
dr|z3d orignal, sort it. don't be lazy. :)
dr|z3d get chatgpt to do it for you if you must, just get it done :)
zzz oh gosh not AI proposals (((
orignal zzz, the nature of attack was
zzz anyway, as I said above there's alternate solutions that don't add 35 bytes to the handshake. Are they better? dunno.
orignal we considered fake floodfills reqachable
orignal because we could connect to that address by SSU2
orignal actually to a real floodfill, but we didn't have a way to know
orignal ofc I have made a change to not rely on Alice's SSU2 connection
orignal but this is just a workaround and not a complete solution
orignal dr|z3d it would take 5 minutes in Russian, but not English
dr|z3d do it in Russian, orignal, I'll handle the rest.
orignal ok. will do ))
zzz right. so I've forgotten 99% so even if I told you "good idea" today, you shouldn't believe me. Either spend the time to write up a nice proposal covering all the issues, or don't
zzz just don't half-ass it. do a good job so everybody can understand all the issues and make a smart decision
dr|z3d yeah, make sure it's a well written document (in Russian) orignal, or no chocolate covered potato chips for you. ;)
orignal you could say it because this attack was without you
zzz sure but you also have to explain it to everybody else
orignal I assumes I discussed it with idk and not you
orignal honesly I tried
zzz no proposal is 5 minutes. It takes weeks of work.
orignal Blinded message
orignal simple speaking nobody cared
zzz he told me it was a "good idea" and you agreed to write the proposal in June, so I don't know why you waited for me
zzz afaik idk is waiting for you
dr|z3d we had this discussion last week, orignal, before zzz teleported here, remember? :)
dr|z3d And long before that.
dr|z3d I told you that if you were waiting on zzz, to have a written proposal ready. :)
orignal don't cheat youself you know why
orignal "orignal" and "proposal" are less compatible words ))
zzz there's no guarantees that a "good idea" stays good, orignal has changed his mind after I wrote something up and cost me weeks of work, it happens
orignal what was that? I don't remeber
zzz ok but somebody has to step up
zzz I don't remember either, maybe some SSU2 subsection. Not holding a grudge, we're allowed to change our minds :)
zzz actually, iirc it was the new TBM proposal where we thrashed back-and-forth a while
orignal yes and I remember why
zzz :) sometimes "good" ideas become fugly babies when you write them down...
orignal and if we are talking about TBM
orignal it's time to think about chacha for tunnel messages
zzz sure, the cost/benefit analysis will be interesting
zzz but as of today, the proposal for the streaming change 6 months ago still isn't done (((
orignal whar was that?
orignal you mean to verify Bob's ident?
zzz the replay attack fix putting the hash in
orignal I have implemented it even in February
zzz and
orignal I remeber one day I tried to wirte a proposal
orignal and produced so many grammar mistakes that had to give up ))
eyedeekay Write it in Russian and post it somewhere, I have somebody who offered to help translating it
obscuratus eyedeekay: Re: pickRandomFloodfillPeers(): I've been running without any RI in my client netDb for a while now. I assume you have also? Do you still anticipate a need for this method?
obscuratus If it turns out our client netDb actually do need their own RI, it would probably entail several other considerations also.
eyedeekay No I don't think we'll need it anymore