GNU bug report logs - #52555
[RFC PATCH 0/3] Decentralized substitute distribution with ERIS

Previous Next

Package: guix-patches;

Reported by: pukkamustard <pukkamustard <at> posteo.net>

Date: Thu, 16 Dec 2021 16:18:02 UTC

Severity: important

Tags: patch

Full log

View this message in rfc822 format

From: Maxime Devos <maximedevos <at> telenet.be>
To: pukkamustard <pukkamustard <at> posteo.net>, 52555 <at> debbugs.gnu.org
Cc: ~pukkamustard/eris <at> lists.sr.ht
Subject: [bug#52555] [RFC PATCH v2 0/5] Decentralized substitute distribution with ERIS
Date: Sat, 29 Jan 2022 22:52:49 +0100

[Message part 1 (text/plain, inline)]
Hi,

Is it possible for the following situation to happen?
If so, why not?

  1. server A is authentic
  2. server M is malicious, it tries to trick the client into
     installing an incorrect substitute
  3. (key of) server A is authorised
  4. (key of) server M is _not_ authorised
  5. server A and M are both in substitute-urls
  6. server A only serves ‘classical’ substitutes, server B also serves
     via ERIS+ipfs
  7. Both A and M set the same FileHash, References, etc. in the
     narinfo
  8. However, M set an ERIS URN pointing to a backdoored substitute.
  9. The client trusts A, and A and B have the same FileHash etc.,
     so the client considers the narinfo of B to be authentic
     because it has the same FileHash.
 10. The client prefers ERIS above HTTP(S), so it downloads via M.
 11. The client now installed a backdoored substitute!

Greetings,
Maxime.

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 1 year and 170 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.