Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Re-register in the same epoch attack #110

Open
vqhuy opened this issue Oct 25, 2016 · 0 comments
Open

Re-register in the same epoch attack #110

vqhuy opened this issue Oct 25, 2016 · 0 comments
Labels
tbs

Comments

@vqhuy
Copy link
Member

vqhuy commented Oct 25, 2016

Currently, if the key server doesn't use TBs, a malicious client can attempt to equivocate about the name by re-registering the same username with a different key.
This attack can be mitigated by lookup in the current tree of the pad. The server could return a ErrorNameExisted along with a proof of absence (from the latest committed STR).

However, the client doesn't get any proof that the name already exists, and until the current tree is committed. A malicious server can now easily cheat and give clients false information about which names exist, don't exist etc and they wouldn't have any proof.

It means that while we don't have a better solution for registration promises, the key server would be forced to use TBs.

See #109.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
tbs
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@arlolra @vqhuy