zzz
s390x build finished overnight as predicted, now doing the copies
zzz
weko, orignal, as promised, here's my old-version fix idea:
zzz
- define 2nd new flag 'request hash'
zzz
- Alice sets flag ONLY when sending to OLD Bobs
zzz
- "real" old Bobs will ignore flag
zzz
- actually new Bobs, when seeing the flag, will put their router hash in Session Created
zzz
- if Alice gets back a router hash block in Session Created, compare to expected, disconnect if no match
zzz
EOT
zzz
PPA done, stand by for deb
zzz
deb is done
zzz
that's it
zzz
eyedeekay, permission for a -1 bumparoo please
orignal
the problem is that attacker reads the code
orignal
and he will also ignore the flag on new version pretending to be old
zzz
doesn't matter
orignal
but if Alice doesn't set flag to a new router
zzz
this solves one problem only, one that is not solved in current proposal: fake old RI, real router is new
orignal
how would it solve the problem
zzz
for new router, set the other flag, and xor or mixhash
orignal
got it. two flags now
zzz
correct
orignal
still. attacker is pretending to be an old router
orignal
how would your proposal help?
orignal
ofc he will keep ignoring that flag even using a new version
zzz
so, put it all together, we would have fixes for 3 combinations of fake/real: old/new, new/old, new/new
zzz
the only thing that can't be fixed is old/old
zzz
this is assuming fake routers are fake with cloned addresses of real routers
orignal
right
orignal
I see now
zzz
* real routers he does not control
orignal
yes I see now
zzz
* real routers that he does control -> different threat I haven't thought a lot about
orignal
it would work
orignal
but then why do we need 2 flags?
orignal
let me think
zzz
one is for old routers, one is for new. if we have mixhash, we don't need to send routerhash in session created
orignal
"request hash" means a new block type. right?
orignal
good point
orignal
I like your proposal
zzz
actually I can make it even simpler
zzz
the only reason Bob needs to send back his router hash is if he upgraded recently
zzz
if he upgraded more than a few days ago, everybody should have his new RI, so he can just drop the session request or send a termination
orignal
because Alice has old RI?
zzz
correct, maybe alice just reseeded or started after a long downtime
zzz
but if you've been running the new version for a long time, any session request with the flag set is guaranteed to be fake
eyedeekay
zzz go ahead and bump -1
dr|z3d
eyedeekay: might as well give him carte blanche to bump at will so he stops asking :)
zzz
thanks eyedeekay, please turn your attention soon to review of my MR's, I'm almost stuck
eyedeekay
he has it as far as I am concerned but I appreciate the communication
eyedeekay
Ok will get on them today
kytv
eyedeekay: I registered for an account on gitlab and I assume my registration got lost with bot spam. My username is the same as here. (thanks in advance, whenever you can get to it ☺ )
eyedeekay
Give it a try, your account should be activated now
orignal
zzz when do you think we can start implementing this?
orignal
kytv any chance that killyourtv.i2p is back?
zzz
orignal, I don't know
zzz
also to be discussed: out-of-session peer test and token request messages