-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Understand the feasibility of source to source communication #14
Comments
Without #10, exchanging large uploads would be possible (with or without custom clients), whereas with #10 the communication channel would be restricted to the maximum size of a message, which can be calculated and enforced. However, even with small messages, a lack of rate-limits could attract unwanted use, which may hurt the system if the implementation required downloading ephemeral keys before the server would accept message submissions/attachment uploads, as that would then burn ephemeral keys for every fake message that's sent. If the protocol would require solving (unattended) client puzzles for submissions to enforce rate-limiting, it would become incredibly unattractive as a covert communication channel even if it would still be technically possible. |
I do not believe there is any space in the protocol for measures to prevent this. As pointed out above, it is not a very attractive communication channel to begin with, and participants would need to exchange keys beforehand. We should probably document this in the main README and close the issue. |
I would close this issue now. I think any kind of "anonymous messagebox" inherently has this problem. We have to clearly reference this in the documentation though. |
The protocol does not expect sources to communicate with each other, however, if they write their own clients and manually share their encryption and challenge public keys, they might covertly be able to do so and use the server as a bridge for their own private messaging.
Partially relates to #10.
The text was updated successfully, but these errors were encountered: