Closed kim closed 5 years ago
We only check whether the proclaimed sender of non-relayable messages is the same as the (authenticated) sender as determined by the network IO layer.
This leaves payload messages to be secured by consensus. Membership shuffles are still a concern, as they can easily be used to eclipse a node.
Fixes #10
We only check whether the proclaimed sender of non-relayable messages is the same as the (authenticated) sender as determined by the network IO layer.
This leaves payload messages to be secured by consensus. Membership shuffles are still a concern, as they can easily be used to eclipse a node.
Fixes #10