#i2p-dev
/2024/05/17
zzz s390x build finished overnight as predicted, now doing the copies
zzz weko, orignal, as promised, here's my old-version fix idea:
zzz - define 2nd new flag 'request hash'
zzz - Alice sets flag ONLY when sending to OLD Bobs
zzz - "real" old Bobs will ignore flag
zzz - actually new Bobs, when seeing the flag, will put their router hash in Session Created
zzz - if Alice gets back a router hash block in Session Created, compare to expected, disconnect if no match
zzz EOT
zzz PPA done, stand by for deb
zzz deb is done
zzz that's it
zzz eyedeekay, permission for a -1 bumparoo please
orignal the problem is that attacker reads the code
orignal and he will also ignore the flag on new version pretending to be old
zzz doesn't matter
orignal but if Alice doesn't set flag to a new router
zzz this solves one problem only, one that is not solved in current proposal: fake old RI, real router is new
orignal how would it solve the problem
zzz for new router, set the other flag, and xor or mixhash
orignal got it. two flags now
zzz correct
orignal still. attacker is pretending to be an old router
orignal how would your proposal help?
orignal ofc he will keep ignoring that flag even using a new version
zzz so, put it all together, we would have fixes for 3 combinations of fake/real: old/new, new/old, new/new
zzz the only thing that can't be fixed is old/old
zzz this is assuming fake routers are fake with cloned addresses of real routers
orignal right
orignal I see now
zzz * real routers he does not control
orignal yes I see now
zzz * real routers that he does control -> different threat I haven't thought a lot about
orignal it would work
orignal but then why do we need 2 flags?
orignal let me think
zzz one is for old routers, one is for new. if we have mixhash, we don't need to send routerhash in session created
orignal "request hash" means a new block type. right?
orignal good point
orignal I like your proposal
zzz actually I can make it even simpler
zzz the only reason Bob needs to send back his router hash is if he upgraded recently
zzz if he upgraded more than a few days ago, everybody should have his new RI, so he can just drop the session request or send a termination
orignal because Alice has old RI?
zzz correct, maybe alice just reseeded or started after a long downtime
zzz but if you've been running the new version for a long time, any session request with the flag set is guaranteed to be fake
eyedeekay zzz go ahead and bump -1
dr|z3d eyedeekay: might as well give him carte blanche to bump at will so he stops asking :)
zzz thanks eyedeekay, please turn your attention soon to review of my MR's, I'm almost stuck
eyedeekay he has it as far as I am concerned but I appreciate the communication
eyedeekay Ok will get on them today
kytv eyedeekay: I registered for an account on gitlab and I assume my registration got lost with bot spam. My username is the same as here. (thanks in advance, whenever you can get to it ☺ )
eyedeekay Give it a try, your account should be activated now
orignal zzz when do you think we can start implementing this?
orignal kytv any chance that killyourtv.i2p is back?
zzz orignal, I don't know
zzz also to be discussed: out-of-session peer test and token request messages