censorship-no / ceno-browser-archive

Firefox for Android (Fennec) with Ouinet integration

how does Ceno ensure that retrieved data is authentically derived from the requested origin? #13

Open dkg opened 1 year ago

dkg commented 1 year ago

Thanks for the discussion over at the IRTF today! In the discussion, some questions came up about how the user of the ceno browser can ensure the authenticity of data that they retrieve.

Most of the modern web is distributed via https, which provides a transport security model, so that clients can be assured that they're talking to the expected origin. But once the data is transferred, it doesn't have any clear indication that it came from the specific origin. This seems like it represents an opportunity for bad actors to inject arbitrary content that claims to be from a given origin.

@npdoty observed that the Signed Exchanges work offers some potential guarantees about content authenticity.

dkg commented 1 year ago

(this is not meant as an endorsement of SXG, btw -- it's more of an opening to try to understand what security, authenticity, and privacy guarantees are available to users of Ceno browser)

mhqz commented 1 year ago

Hi @dkg, thanks a lot for starting this thread :wave:

> some questions came up about how the user of the ceno browser can ensure the authenticity of data that they retrieve.

As you probably know, CENO browser internally uses a Ouinet client to retrieve the content using different mechanisms (direct access to the origin, proxy, p2p, etc).

To ensure that the content is not tampered with, the Ouinet injectors, which are the trusted nodes in the network, sign the content before replying to clients, and only after that is it possible to share it in the distributed cache.

You can find a more detailed description of the signing process in the following link (and I will also be happy to answer further questions about other parts of the system/network): https://github.com/equalitie/ouinet/blob/master/doc/ouinet-network-whitepaper.md#signatures

> @npdoty observed that the Signed Exchanges work offers some potential guarantees about content authenticity.
>
> (this is not meant as an endorsement of SXG, btw -- it's more of an opening to try to understand what security, authenticity, and privacy guarantees are available to users of Ceno browser)

Thank you, this is really interesting and I didn't know about SXG, I'll take a look at it as well :smile_cat:
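
The trust model described in the reply above (a trusted injector signs, untrusted peers redistribute, the client checks the injector's signature), as an added Go example that is not part of the thread and is not Ouinet's code or wire format. The entry layout, the Ed25519 choice and all names (`SignedEntry`, `InjectorSign`, `ClientVerify`, `NewDemoKey`) are assumptions made for illustration; the URLs and body are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// SignedEntry is a hypothetical cache entry as an untrusted peer hands it over.
type SignedEntry struct {
	URL       string
	Body, Sig []byte // Sig: injector's signature over signedBytes(URL, Body)
}

// NewDemoKey makes a constructed injector key pair (nil selects crypto/rand).
func NewDemoKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	return pub, priv
}

// signedBytes binds the URL to the body digest; the length prefix keeps the fields apart.
func signedBytes(url string, body []byte) []byte {
	msg := make([]byte, 4, 4+len(url)+sha256.Size)
	binary.BigEndian.PutUint32(msg, uint32(len(url)))
	digest := sha256.Sum256(body)
	return append(append(msg, url...), digest[:]...)
}

// InjectorSign runs on the trusted injector after it has fetched the origin.
func InjectorSign(priv ed25519.PrivateKey, url string, body []byte) SignedEntry {
	return SignedEntry{URL: url, Body: body, Sig: ed25519.Sign(priv, signedBytes(url, body))}
}

// ClientVerify runs on the client before it uses or re-shares a peer's entry.
func ClientVerify(pub ed25519.PublicKey, requestedURL string, e SignedEntry) error {
	if e.URL != requestedURL {
		return fmt.Errorf("entry is for a different URL than the one requested")
	}
	if !ed25519.Verify(pub, signedBytes(e.URL, e.Body), e.Sig) {
		return fmt.Errorf("injector signature does not cover this URL and body")
	}
	return nil
}

func main() {
	pub, priv := NewDemoKey()
	e := InjectorSign(priv, "https://example.org/news", []byte("<h1>original</h1>"))
	fmt.Println(ClientVerify(pub, "https://example.org/news", e), ClientVerify(pub, "https://example.org/login", e))
}
```

What the client learns from a valid signature here is that an injector it trusts vouched for this body at this URL, which is a different statement from the origin itself having signed it.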