Hi guys,
First, thanks for your outstanding work!! PeerJS/WebRTC rocks!
We are implementing Copay, a bitcoin wallet using peerjs. It is open source: https://github.com/bitpay/copay. I have some questions regarding peerjs/webRTC and man-in-the-middle attacks.
1) Are communications between the peers encrypted (using peerjs and peerjs-server) by default? Which scheme is used? How are the keys generated?
2) Is there a standard way to prevent a man-in-the-middle attack given a compromised peerjs-server? This is the scheme we are using now:
1- share a pubkey with the peer (using an offline channel)
2- the peer uses that pubkey to encrypt messages, and sends his pubkey to the initial peer. The initial peer shares the new peer's pubkey with the other peers, and so a secure channel is established.
Thanks a lot.
Matías
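The two steps described in the post, sketched as an added example in Node.js (not code from the original post, Copay or PeerJS). It assumes X25519 key pairs, HKDF-SHA256 and AES-256-GCM; the names `seal`, `open`, `demo` and the `join-v1` label are hypothetical.

```javascript
const crypto = require('node:crypto');

// Export / import a public key as SPKI DER bytes (what travels between peers).
const exportPub = (key) => key.export({ type: 'spki', format: 'der' });
const importPub = (der) => crypto.createPublicKey({ key: der, type: 'spki', format: 'der' });

// Derive an AES-256-GCM key from the X25519 shared secret of the two peers.
function deriveKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'join-v1', 32));
}

// Step 2, joining peer: encrypt to the key received over the OFFLINE channel
// and attach its own public key, bound to the ciphertext as associated data.
function seal(joiner, offlineInitiatorPub, message) {
  const senderPub = exportPub(joiner.publicKey);
  const iv = crypto.randomBytes(12);
  const key = deriveKey(joiner.privateKey, importPub(offlineInitiatorPub));
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(senderPub);
  const ct = Buffer.concat([cipher.update(message, 'utf8'), cipher.final()]);
  return { senderPub, iv, ct, tag: cipher.getAuthTag() };
}

// Initial peer: returns the plaintext, or null when the envelope fails
// authentication (for example, the attached public key was replaced in transit).
function open(initiator, env) {
  try {
    const key = deriveKey(initiator.privateKey, importPub(env.senderPub));
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, env.iv);
    decipher.setAAD(env.senderPub);
    decipher.setAuthTag(env.tag);
    return Buffer.concat([decipher.update(env.ct), decipher.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// Constructed scenario: the server relays one envelope untouched and one in
// which the joiner's public key has been replaced with the server's own.
function demo() {
  const initiator = crypto.generateKeyPairSync('x25519');
  const joiner = crypto.generateKeyPairSync('x25519');
  const server = crypto.generateKeyPairSync('x25519');
  const offlineKey = exportPub(initiator.publicKey); // step 1: shared out of band
  const env = seal(joiner, offlineKey, 'hello from joiner');
  const swapped = { ...env, senderPub: exportPub(server.publicKey) };
  return { honest: open(initiator, env), swapped: open(initiator, swapped) };
}
```

This only proves that an envelope was built for the initial peer's key by the holder of the attached key; the initial peer still has to confirm over the offline channel that the attached key belongs to the expected peer before passing it on to the others.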