Closed MathiasDeWeerdt closed 3 years ago
As far as I understand how ygg works. When communication between 2 nodes is required, a session is created. Within this session everything is encrypted and only the 2 member of the session can decrypt the traffic.
If you want, the ygg devs are always available on matrix at #yggdrasil:matrix.org. They are very reactive and can answer any question you might have.
Investigation whether yggdrasil is safe
Question
Imagine we have 3 users connected with yggdrasil: a,b,c. User a want to interact with user c, but has no idea how to, so it picks b as an intermediary node.
Can user b read the traffic which is ment for user c?
Initial research
They clain this is entirely safe, as long as the encryption holds, but do mention they havent been audited by a third party. https://yggdrasil-network.github.io/faq.html
Encryption is done using: https://godoc.org/golang.org/x/crypto/nacl/box which can be found here: https://github.com/yggdrasil-network/yggdrasil-go/issues/719