Hello, 

In OpenDHT, the key chosen for a given message (value) is arbitrary. 

A Ring client receives calls by listening for values stored at some specific
key.
Currently this key is SHA1("callto:"+ring_id_hex), so it is derived
deterministically from the public key, but would not by itself allow one to
know the public key ID.

An attacker listening on someone else's key would see activity as encrypted
blobs, but would not be able to know who is calling using them. An attacker
controlling a large proportion of DHT nodes would be able to see the IP, but
not the public key, of the caller.

In Ring the value itself must be signed by the caller and encrypted for the
listener (the same keys must then be used for authentication of the
peer-to-peer TLS layer).

Regards, 
Adrien 
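
The key derivation described in this message, as an added example (not code from Ring or OpenDHT). It assumes the Ring ID is 40 hex digits and that the concatenated string is hashed as lowercase ASCII text; `listen_key`, `label_keys` and the sample IDs are hypothetical names and constructed values.

```python
import hashlib

CALL_PREFIX = "callto:"  # prefix quoted in the message above


def listen_key(ring_id_hex: str) -> str:
    """Return SHA1("callto:" + ring_id_hex) as 40 hex digits.

    Assumption: the Ring ID is normalised to lowercase hex and the
    concatenation is hashed as ASCII text.
    """
    rid = ring_id_hex.strip().lower()
    if len(rid) != 40 or any(c not in "0123456789abcdef" for c in rid):
        raise ValueError("expected a 40-hex-digit Ring ID")
    return hashlib.sha1((CALL_PREFIX + rid).encode("ascii")).hexdigest()


def label_keys(observed_keys, known_ring_ids):
    """Map each observed DHT key to a Ring ID the observer already knows.

    The key does not reveal the Ring ID "by itself": a key is labelled
    only when its Ring ID is already in known_ring_ids (for example a
    contact list). Unknown keys stay None.
    """
    index = {listen_key(rid): rid for rid in known_ring_ids}
    return {key: index.get(key) for key in observed_keys}


# Constructed sample Ring IDs (not real accounts).
ALICE = "a1" * 20
BOB = "b2" * 20

if __name__ == "__main__":
    # Caller and callee derive the same key independently from Alice's ID.
    print("Alice listens at:", listen_key(ALICE))
    seen = [listen_key(ALICE), listen_key(BOB)]
    # An observer who only knows Alice's ID can label her key, not Bob's.
    for key, owner in label_keys(seen, [ALICE]).items():
        print(key, "->", owner or "unknown")
```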


From: "Baptiste Jonglez" <[email protected]>
To: "Adrien Béraud" <[email protected]>
Cc: [email protected]
Sent: Wednesday, 11 November 2015 18:26:43
Subject: Re: [Ring] DHT in Ring: potential privacy issue?

Thanks for your answer, comments below. 

On Wed, Nov 11, 2015 at 12:52:19PM -0500, Adrien Béraud wrote: 
> Ring and OpenDHT try to hide the publicly visible identities of participants. 
> In OpenDHT, the node ID used for DHT routing and seen by other nodes is 
> independent from the Ring ID which is a public key ID. 
> When an encrypted message is stored on OpenDHT, it appears as a random blob 
> with no way to know the signer or the recipient (except for the recipient 
> himself). 

How can a Ring client receive calls? Does it register a listener in 
OpenDHT for its own Ring ID? Then, any client that wants to call the 
first client would need to announce a value at this ID? 

> So one just listening on the DHT could only see random blobs at some 
> key. 

How is the key chosen for a given message? Is it just the hash of the 
content? 

Sorry if these are dumb questions, I'm just trying to understand how Ring 
and OpenDHT go along together :) 

> However someone having a complete overview of the DHT network may indeed 
> eventually be able to guess that an IP address contacts some other IP 
> address. 
> This is difficult to prevent: even with Tor, privacy can be compromised if
> someone controls or sees some proportion of the network.
> But the bigger the network is, the more difficult it becomes to monitor.
> 
> There is work in progress to make this kind of monitoring even harder with 
> measures like listening key randomization etc. 
> Suggestions and comments are welcome. 

_______________________________________________
Ring mailing list
[email protected]
https://lists.savoirfairelinux.net/mailman/listinfo/ring
