Comments (6)
It's a well-known attack: if you don't use SSL, nothing guarantees that you connect to the correctly resolved server; any cafe WiFi can direct you to some other host. If you use SSL, you are depending on government authorities authenticating your server and your identity, and the certificate can be revoked/not postponed.
from lnp-node.
Well, the DNS is deliberately removed from LNP/BP Core library and nodes, to prevent occasional exposure of the node to DNS servers and deanonymization - as well as many other types of attacks. That's why only IP addresses and Onion.
The rule we follow: no outgoing traffic from the node other than peer traffic and the RPC interface explicitly defined by the user.
One can write a simple script to resolve DNS into IP and paste it as a parameter to the node launching command.
PS. DNS, SSL, PKI delenda est
from lnp-node.
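Added example, not part of the thread and not lnp-node code: one way to do the out-of-band resolution suggested in the comment above, so that the node itself never issues a DNS query. It goes slightly beyond "resolve and paste" by refusing answers that differ between lookups or that point at non-public addresses; the function names and the script name `resolve_peer.py` are hypothetical.

```python
import ipaddress
import socket
import sys


def resolve_once(host):
    """One lookup through the system resolver, run outside the node process."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def pick_peer_ip(answers):
    """Return one literal IP that is safe to pin, or raise ValueError.

    answers: list of sets of address strings, one set per lookup.
    """
    if not answers or not all(answers):
        raise ValueError("empty DNS answer")
    stable = set.intersection(*answers)  # addresses present in every lookup
    if not stable:
        raise ValueError("lookups disagree, refusing to pick an address")
    usable = []
    for text in stable:
        ip = ipaddress.ip_address(text.split("%")[0])  # drop IPv6 zone id
        if ip.is_global:  # rejects loopback, RFC 1918, link-local, CGNAT...
            usable.append(ip)
    if not usable:
        raise ValueError("no publicly routable address in the answer")
    usable.sort(key=lambda ip: (ip.version, int(ip)))  # deterministic, IPv4 first
    return str(usable[0])


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: resolve_peer.py <hostname>")
    try:
        print(pick_peer_ip([resolve_once(sys.argv[1]) for _ in range(2)]))
    except (OSError, ValueError) as err:
        sys.exit(f"resolve_peer: {err}")
```

The script prints a single IP literal on success and exits non-zero otherwise, so a launch wrapper can stop instead of starting the node with an unverified address.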
Thanks for the clear answer.
I would really appreciate it if you could point out some documentation for the attacks you mention, whenever you have time for it.
from lnp-node.
https://en.wikipedia.org/wiki/DNS_spoofing
https://www.cse.wustl.edu/~jain/cse571-07/ftp/cafecrack/index.html
from lnp-node.
Should we document this design choice a bit better? I can take this task.
from lnp-node.
You are welcome
from lnp-node.