PurpleI2P / i2pd

🛡 I2P: End-to-End encrypted and anonymous Internet
https://i2pd.website
BSD 3-Clause "New" or "Revised" License

Question about bootstrapping securely (verifying reseed su3) #1490

Closed. theopolis closed this issue 4 years ago.

theopolis commented 4 years ago

It looks like reseed verification is disabled by default: https://github.com/PurpleI2P/i2pd/blob/e969d58689a6a5f57e896ef6b8e0dab649904c8b/libi2pd/Config.cpp#L184

And the Reseed HTTPs client does not verify certificates: https://github.com/PurpleI2P/i2pd/blob/8fd843e7ce132f42f46e6e816fe1aa0a6de5f1df/libi2pd/Reseed.cpp#L526

It seems it is possible to person-in-the-middle the initial su3 fetching. I tried this using sslsplit and it worked, but I did not tamper with the su3 content.

Is there a benefit to new users to enable reseed signature verification by default? Or enabling certificate verification, which would be more difficult since the initial list of reseed URLs may use self-signed certificates?

r4sas commented 4 years ago

That option is disabled by default due to the ability to start i2pd without any of the stuff that is required for verification (certificates are required when reseed.verify is set to true). That's why we provide an example config file with the option enabled in it (which is used in packages), because we know that in that case the package maintainer included those certificates.

set_verify_mode affects verifying the certificate trust chain (as far as I know; @orignal knows better), which requires the use of a certificate issued by a trusted CA. But because of anonymity no one will request that kind of certificate: all known reseeds used self-signed certificates.

orignal commented 4 years ago

It's false by default for development purposes because certificates are usually not present. But packages for ordinary users (including the Android .apk) always turn it on.

theopolis commented 4 years ago

That makes a lot of sense, thanks for clarifying!
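For readers arriving at this thread from a hand-written configuration rather than a distribution package, the following i2pd.conf fragment contrasts the weak and the hardened setting discussed above. It is an added example, not text from the issue or from the i2pd project; it assumes the `[reseed]` section and `verify` key described in i2pd's example configuration, and the certificate directory path named in the comments is an assumption about the data directory layout.

```ini
; Added example (not from the issue or the i2pd project).
; Only ONE of the two [reseed] blocks below belongs in a real i2pd.conf.

; --- Weak setting -----------------------------------------------------------
; Signature verification of the downloaded reseed .su3 bundle is skipped, so a
; bundle altered between the reseed server and this router would be accepted
; as-is (the scenario sslsplit demonstrated in the report above).
[reseed]
verify = false

; --- Hardened setting -------------------------------------------------------
; The .su3 signature is checked against the reseed signer certificates shipped
; with the router. Assumed location: <datadir>/certificates/reseed/*.crt.
; If those files are missing the reseed fails instead of silently trusting the
; bundle, which is the failure mode the maintainers describe for development
; builds, so confirm the certificates are present before enabling this.
[reseed]
verify = true
```

Note that `verify = true` covers the su3 signature only; it does not change the HTTPS certificate check that set_verify_mode controls, which the thread explains remains off because reseed servers use self-signed certificates. The su3 signature is therefore the check that actually protects the bootstrap, and it is the one to confirm is enabled in any non-package install.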