Some questions about SPTPS
Etienne Dechamps
etienne at edechamps.fr
Thu Jul 17 20:51:25 CEST 2014
On 17/07/2014 17:45, Guus Sliepen wrote:
>> I get that, but in practice it's not clear how that improves security in any
>> way. In the current state, if you gain control over a node in the middle,
>> you're screwed anyway, even with SPTPS, because the compromised node can
>> easily force you to send your data to it (there are multiple ways to do that
>> I guess - messing with ADD_SUBNET messages sounds like the most obvious
>> one). In fact, if you're not using StrictSubnets the compromise of *any*
>> node results in complete compromise of the entire network (again by sending
>> ADD_SUBNET). I fail to see how SPTPS prevents that.
>
> But if you do use StrictSubnets then SPTPS improves security, and
> improving authorisation of those ADD_SUBNET messages is something for
> 2.0.
Using StrictSubnets *and* strong ADD_SUBNET authentication still doesn't
prevent a node in the middle from intercepting your communications,
because you have to trust something at some point. For example the
middle node could intercept and change the public keys that transit
through it.
That said, I guess this works if you assume that two nodes that want to
ensure security will exchange their public keys out-of-band in a secure
manner to make sure middle nodes can't fiddle with them. Furthermore, it
also implements an opportunistic "SSH-style" security model where it
won't protect against tampering the first time you ask for a public key
using the graph, but it will prevent any further attempt to tamper with
it once a node has it saved (similar to how SSH host fingerprints work).
Which is kinda cool, all things considered.
--
Etienne Dechamps
More information about the tinc
mailing list