Understand the feasibility of source to source communication #14
Comments
|
Without #10, exchanging large uploads would be possible (with or without custom clients), whereas with #10 the communication channel would be restricted to the maximum size of a message, which can be calculated and enforced. However, even with small messages, a lack of rate-limits could attract unwanted use, which may hurt the system if the implementation required downloading ephemeral keys before the server would accept message submissions/attachment uploads, as that would then burn ephemeral keys for every fake message that's sent. If the protocol would require solving (unattended) client puzzles for submissions to enforce rate-limiting, it would become incredibly unattractive as a covert communication channel even if it would still be technically possible. |
lsd-cat
added
the
protocol research
|
I do not believe there is any space in the protocol for measures to prevent this. As pointed out above, it is not a very attractive communication channel to begin with, and participants would need to exchange keys beforehand. We should probably document this in the main README and close the issue. |
|
I would close this issue now. I think any kind of "anonymous messagebox" inherently has this problem. We have to clearly reference this in the documentation though. |
The protocol does not expect sources to communicate with each other, however, if they write their own clients and manually share their encryption and challenge public keys, they might covertly be able to do so and use the server as a bridge for their own private messaging.
Partially relates to #10.
The text was updated successfully, but these errors were encountered: