mirror of
https://github.com/ipfs/kubo.git
synced 2026-02-28 05:47:51 +08:00
Online record verification -- meaning record verification that might cause messages to other peers -- presents a way to perform an attack on a dht node: forge a record and make the node attempt to fetch the public key to verify. This becomes a very powerful amplification attack if online verification is done for records _received passively_. This means records that were received as the result of a PUT_VALUE or ADD_PROVIDER. Thus we only accept records we can verify offline (whose public keys we already have). In practice this is not at all a problem for us, because typical connections are encrypted: we've already exchanged public keys. |
||
|---|---|---|
| .. | ||
| dht | ||
| kbucket | ||
| keyspace | ||
| mock | ||
| routing.go | ||