ipfs / in-web-browsers

Tracking the endeavor towards getting web browsers to natively support IPFS and content-addressing
https://docs.ipfs.tech/how-to/address-ipfs-on-web/
MIT License

Write up the security + privacy implications of running IPFS Service Worker #57

Open flyingzumwalt opened 7 years ago

flyingzumwalt commented 7 years ago

In order to be confident about deploying the IPFS service worker we want to ensure security + privacy for users running the service worker.

  1. Document all of the implications of running the service worker:
    • possible exploits
    • what information might get leaked, when it might get leaked
    • scenarios where users are fine with doing things publicly and non-anonymously
    • etc.
  2. Identify possible strategies for mitigating any security or privacy concerns
  3. Seek review from security-minded collaborators

samholmes commented 7 years ago

First thought. IPFS uses content addressing to verify that the content is the content for which you are looking. This means that SSL certificates are not needed in order to prevent man-in-the-middle attacks.

The only time when I can see a sort of man-in-the-middle attack is when a resource (web page) includes a dependency over which it doesn't have control (3rd-party IPNS-addressed library). In this case, the application would need to trust this IPNS address to not be malicious. Ultimately, control over what the dependency could access would be preferable.

Not much else to comment at the moment.

lidel commented 6 years ago

Worth being aware that in the event of HTTP gateway misconfiguration, ServiceWorker could take control over all /ipfs/* and /ipns/* gateway responses.

Details: https://github.com/ipfs/go-ipfs/issues/4025 + additional explanation in https://github.com/ipfs/go-ipfs/issues/4025#issuecomment-364402875
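
Added example (not part of this thread and not go-ipfs code): a gateway-side check that applies the standard Service Worker scope rules (default scope is the script's directory, widened only by a `Service-Worker-Allowed` response header) to decide whether a worker script fetch could yield a scope spanning more than one content root. The function names, the `gateway.example` host, the sample paths and the refuse policy itself are assumptions made for illustration.

```javascript
// Added example; hypothetical helper names, constructed paths and CIDs.
const BASE = 'https://gateway.example'; // placeholder origin, only used to resolve paths

// Default scope per the Service Worker spec: "./" resolved against the script URL.
function defaultScope(scriptPath) {
  return new URL('./', new URL(scriptPath, BASE)).pathname;
}

// Widest scope a browser will accept for this script: the Service-Worker-Allowed
// value (resolved against the script URL) if the gateway sends one, else the default.
function maxScope(scriptPath, swAllowed) {
  if (swAllowed == null) return defaultScope(scriptPath);
  return new URL(swAllowed, new URL(scriptPath, BASE)).pathname;
}

// A scope is confined when it sits inside exactly one /ipfs/<root>/ or /ipns/<name>/.
const CONFINED = /^\/ip[fn]s\/[^/]+\//;

// req: { path, headers } with lower-cased header names.
// swAllowed: the Service-Worker-Allowed value this gateway is configured to emit, if any.
function shouldServeWorkerScript(req, swAllowed) {
  // Browsers add "Service-Worker: script" when fetching a worker script.
  if (req.headers['service-worker'] !== 'script') {
    return { serve: true, scope: null };
  }
  // Only content namespaces are judged here (assumed policy).
  if (!/^\/ip[fn]s\//.test(req.path)) {
    return { serve: true, scope: null };
  }
  const scope = maxScope(req.path, swAllowed);
  // Refuse when the worker could control responses for other content roots.
  return { serve: CONFINED.test(scope), scope };
}

// Constructed sample requests.
const sw = { 'service-worker': 'script' };
const samples = [
  [{ path: '/ipfs/bafyexamplecid/sw.js', headers: sw }, undefined], // scope stays in one root
  [{ path: '/ipfs/bafyexamplecid', headers: sw }, undefined],       // file at namespace root
  [{ path: '/ipfs/bafyexamplecid/sw.js', headers: sw }, '/'],       // header widens scope
  [{ path: '/ipfs/bafyexamplecid/../sw.js', headers: sw }, undefined], // dot segments
];
for (const [req, allowed] of samples) {
  console.log(req.path, allowed ?? '(no header)', shouldServeWorkerScript(req, allowed));
}
```
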