There was recently a security audit done by Cure53 of software related to developing the Turbo Tunnel design. We have previously discussed Turbo Tunnel on this forum at #9. In scope for the audit were dnstt (an encrypted DNS tunnel, previous discussion at #30) and the Turbo Tunnel–related parts of Snowflake (WebRTC-based peer-to-peer proxy, previous Turbo Tunnel discussion at #35).
Report PDF
The report lists 9 items total, ranging in severity from Informational to Medium: 6 in dnstt, 2 in Snowflake, and 1 informational item affecting both.
Summary of items affecting dnstt
5 of the 6 items affecting dnstt are fixed in v0.20210424.0. The remaining item has to do with protocol layering, and to address it would require backward-incompatible changes and a possible reduction in efficiency. I wrote a summary of the considerations.
Summary of items affecting Snowflake
One of the Snowflake items is a resource leak that has had an issue created. The other is about better security for broker messages, which the team knows about and has discussed in the past.