mirror of
https://github.com/ipfs/kubo.git
synced 2026-03-06 08:47:52 +08:00
0cdc2e0adf
Online record verification -- meaning record verification that might cause messages to other peers -- presents a way to perform an attack on a dht node: forge a record and make the node attempt to fetch the public key to verify. This becomes a very powerful amplification attack if online verification is done for records _received passively_. This means records that were received as the result of a PUT_VALUE or ADD_PROVIDER. Thus we only accept records we can verify offline (whose public keys we already have). In practice this is not at all a problem for us, because typical connections are encrypted: we've already exchanged public keys. |
||
|---|---|---|
| .. | ||
| pb | ||
| dht_logger.go | ||
| dht_net.go | ||
| dht_test.go | ||
| dht.go | ||
| diag.go | ||
| ext_test.go | ||
| handlers.go | ||
| providers_test.go | ||
| providers.go | ||
| query.go | ||
| records.go | ||
| routing.go | ||
| util.go | ||