Comments (7)
KadNode doesn't do verification.
If you have an ip address, you can write your own verification system.
What KadNode could do better is to help you to integrate your verification mechanism.
Depending on your security, you could simply run a webserver that offers a specific file
that you try to get using wget. If the file matches your copy - then it is probably your node.
from kadnode.
I was thinking about how it can be made easier to hook up some verification or feedback system for the DNS interfaces so that it filters out 'wrong' IP addresses. That's a tricky one :)
from kadnode.
I think using the Kademlia RPC to store values there could be some kind of handshake.
Let's say I look up node couch.p2p and this gives me 2 IP addresses. So I must identify one of the two as the true one. I know a secret that only the true couch.p2p knows. The couch.p2p rehashes my id based on that key and announces a new node id directly to me. That way I can know who is the true node. Is that feasible?
from kadnode.
From a security standpoint there are some flaws (replay attack etc.). But it really depends on how secure and what type of security you want. Bittorrent for example doesn't need what you like to have. DNS in KadNode is meant as an interface. But I think it is important to enable users to add guarantees like traditional DNS.
The best way to achieve your goal is to implement it outside of KadNode. That wouldn't pin down KadNode to a specific application need and security system.
Kademlia allows sending additional information in its message format, but the IP addresses
are likely to come from nodes that are not running KadNode. They won't store and forward additional information.
So this is not feasible using the Kademlia protocol. It has to be done outside of the protocol.
Back to possible solutions. Since DNS does allow only one IP address to be transferred (at least we only want one for the typical DNS usage), we need to filter/validate the IP addresses. That could be done by using a script that is called with an IP address and does the verification. The address is passed to the DNS interface when it passes the script.
Only problem is that calling a script is a nightmare to code. I hope there is a nicer solution. :)
from kadnode.
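An added example, not part of the original thread and not KadNode code: one way an external verification script could filter looked-up addresses with a secret while avoiding the replay flaw mentioned above, by sending a fresh nonce with every check. The `ask` transport hook, the secret, the function names and the documentation-range IP addresses are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SECRET = b"constructed-shared-secret"  # assumption: known only to us and the real node


def make_response(secret: bytes, name: str, nonce: bytes) -> bytes:
    """What the genuine node computes: HMAC over the name and the fresh nonce."""
    return hmac.new(secret, name.encode() + b"|" + nonce, hashlib.sha256).digest()


def verify_candidates(name, candidates, ask, secret=SECRET):
    """Return the candidate addresses that prove knowledge of the secret.

    `ask(ip, name, nonce)` is a hypothetical transport hook (for example an
    HTTP or UDP request to the candidate); it returns response bytes or None.
    """
    verified = []
    for ip in candidates:
        nonce = secrets.token_bytes(16)  # fresh per attempt, so old answers are useless
        reply = ask(ip, name, nonce)
        expected = make_response(secret, name, nonce)
        if reply is not None and hmac.compare_digest(reply, expected):
            verified.append(ip)
    return verified


# --- constructed demo: in-process stand-ins for three peers ---
OLD_NONCE = b"\x00" * 16
RECORDED = make_response(SECRET, "couch.p2p", OLD_NONCE)  # a valid answer captured earlier


def demo_ask(ip, name, nonce):
    if ip == "192.0.2.10":      # genuine node: computes an answer for this nonce
        return make_response(SECRET, name, nonce)
    if ip == "198.51.100.7":    # impostor: can only replay the recorded answer
        return RECORDED
    return None                 # unreachable peer


def demo():
    return verify_candidates(
        "couch.p2p", ["198.51.100.7", "192.0.2.10", "203.0.113.5"], demo_ask)


if __name__ == "__main__":
    print(demo())
```

A static check, such as fetching a fixed file and comparing it, would accept the replayed answer; binding the response to a per-request nonce is what rejects it.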
You could add an announce command that hashes the .p2p based on a secret?
something like "kadnode-ctl secret-announce couch.p2p secretcode".
It would be a bit safer.
The thing I am trying to avoid is the need to open ports on the clients.
I am using n2n (p2p VPN) that only needs one supernode to have open ports on their modem.
For a script to run like wget it means the user has to open ports so it can be contacted.
from kadnode.
Hashing based on a secret is possible. It was implemented at one point.
But what it did was to append the secret to the value before hashing.
That is instead of foo.p2p, foo.mysecret.p2p was hashed. When you call KadNode
using another program/script then it is trivial to append it outside of KadNode.
I saw very little to be gained from this feature so far and removed it.
from kadnode.
Since we get the address information not from the node itself, but other nodes, what you ask is not possible. But there are workarounds outside of KadNode. KadNode may need a way to help users to do verification when using the DNS interface. But that should be the topic of a new issue. :-)
from kadnode.