Open saketh-are opened 1 year ago
Code pointers: send_handshake and process_handshake functions in PeerActor, and where those functions are called from.
For this task we are only concerned with changing the handshake process. Edges will still be advertised to the rest of the network in the same way; that is, by sharing an (A, B, nonce) tuple signed by both nodes A and B. The goal of this task is to make the handshake process which produces those signatures more secure.
Note that the details are in this internal-only design doc, which will be publicly shared later, after all nodes have deployed the fix, instead of now, as it's a security issue.
Code merged, thanks saketh@ for reviewing!
On hold as waiting to complete migration deployment for this task
From our internal testing, the existing design only works with private networks (e.g. unit tests, internal integration tests) where there is no notion of private / public IP address / VPC / NAT / VPN. Cloud providers such as GCP automatically enforce these separations of public/private IP. Hence, the code will have to be updated to work with these notions.
Reverting due to https://near.zulipchat.com/#narrow/stream/297663-pagoda.2Fnetwork/topic/network.20stall.20during.20mocknet.20test/near/365948241
Will have to re-implement to account for NAT
Had to revert. Postmortem is scheduled on July 18th and will re-tackle afterward (in July and August)
Core team Q2'2023 initiative.
In TIER2 network there is no real authentication of peers, except for the Edge signature: to establish a connection both peers have to sign a (peer_a,peer_b,nonce) tuple. It is easy to imagine a situation in which a malicious node C:
We can prevent offline attacks as above by having some variation of a 3-way handshake: