My question is: since there is such an obvious security threat here (that a malicious storing peer may reorder the array), why must a signing peer use this appending feature?
Is it OK to replace the appending STORE request with an explicitly indexed array STORE?

From: [email protected] [mailto:[email protected]] On Behalf Of Michael Chen
Sent: July 7, 2013 3:42
To: [email protected]
Subject: [P2PSIP] A badly placed critical paragraph

Hi,

In the current p2psip-base-26, the last paragraph of section 7.4.2.2:

   There is one subtle point about signature computation on arrays. If the storing node uses the append feature (where the index=0xffffffff), then the index in the StoredData that is returned will not match that used by the storing node, which would break the signature. In order to avoid this issue, the index value in the array is set to zero before the signature is computed. This implies that malicious storing nodes can reorder array entries without being detected.

is even more critical to Store requests, thus should not be in the description of Fetch response. It should be moved to section "7.1 Data Signature Computation" and reiterated in section 7.4.1.1 and 7.4.2.2.

A use case would be Certificate By User. Only the certificate owner can sign the StoredDataValue, which often has the array index of 0xffffffff for appending. Since the responsible peer will change the array index, the above paragraph becomes critical to both signing and verification.

Thanks
--Michael
_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip
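The trade-off discussed in this thread, as an added example that is not part of either message or of the RELOAD draft: per-entry signatures computed with the index zeroed still verify after a storing node shuffles the indices, while signatures that cover an explicit index do not. HMAC stands in for the certificate signature, and the key, resource ID, Kind-ID and simplified signature input are assumptions made for the demo, not the RELOAD encoding.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"        # assumption: HMAC key stands in for the signer's key
RESOURCE = b"constructed-resource"   # assumption: sample Resource-ID
KIND = 3                             # assumption: hypothetical Kind-ID

def sign(index: int, value: bytes, bind_index: bool) -> bytes:
    """Sign one array entry; the index is zeroed unless bind_index is set."""
    signed_index = index if bind_index else 0
    msg = struct.pack("!H", len(RESOURCE)) + RESOURCE
    msg += struct.pack("!II", KIND, signed_index) + value
    return hmac.new(KEY, msg, hashlib.sha256).digest()

def verify(entries, bind_index: bool) -> bool:
    """Check every (index, value, signature) entry of a fetched array."""
    return all(
        hmac.compare_digest(sign(i, v, bind_index), s) for i, v, s in entries
    )

def build_array(values, bind_index: bool):
    """Signer signs each value; an honest storing node keeps entry n at index n."""
    return [(i, v, sign(i, v, bind_index)) for i, v in enumerate(values)]

def reorder(entries):
    """Same values and signatures, but returned under reversed indices."""
    indices = [i for i, _, _ in entries]
    return [(i, v, s) for i, (_, v, s) in zip(reversed(indices), entries)]

def demo():
    values = [b"cert-A", b"cert-B", b"cert-C"]   # constructed sample values
    zeroed = build_array(values, bind_index=False)  # append-style signing
    bound = build_array(values, bind_index=True)    # explicit-index signing
    return {
        "zeroed_honest": verify(zeroed, False),
        "zeroed_reordered": verify(reorder(zeroed), False),
        "bound_honest": verify(bound, True),
        "bound_reordered": verify(reorder(bound), True),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: signatures {'verify' if ok else 'FAIL'}")
```

Binding the index requires the signer to know it before storing, which is exactly what the append value 0xffffffff prevents.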
