Security

[KrishnaPG]

How does the current architecture prevent malicious actors from hijacking the services ?

For example, assume a popular worker / service, named "dns-lookup" that is served by worker A. What is preventing worker B to also start providing a service with the same name but bad results (or incorrect ip-addresses)?

Is there a validation mechanism built-in? Something like binding service names to their ed25519 public keys etc?

[prdn]

If you run services on a non-trusted network you can use the TLS support https://github.com/bitfinexcom/grenache-nodejs-http

…

On Tue, 10 Dec 2019 at 15:33, Gopalakrishna Palem ***@***.***> wrote: How does the current architecture prevent malicious actors from hijacking the services ? For example, assume a popular worker / service, named "dns-lookup" that is served by worker *A*. What is preventing worker *B* to also start providing a service with same name but bad results (or incorrect ip-addresses)? Is there a validation mechanism built-in? Something like binding service names to their ed25519 pulick keys etc? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#16?email_source=notifications&email_token=AA4SZ3MSW2QJX66DSCNBZTDQX6ZETA5CNFSM4JZANCVKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4H7PYNMA>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AA4SZ3NSSS2IO63U3S7WBZLQX6ZETANCNFSM4JZANCVA> .

-- -- Paolo Ardoino

[KrishnaPG]

Thank you @prdn

But how would TLS prevent spoofing a service provider? For example, anyone could announce a serviec with the same name as someone else - correct?

[prdn]

That is correct. We are working to sign service names as well.

…

On Tue, 10 Dec 2019 at 15:44, Gopalakrishna Palem ***@***.***> wrote: Thank you @prdn <https://github.com/prdn> But how would TLS prevent spoofing a service provider? For example, anyone could announce a serviec with the same name as someone else - correct? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#16?email_source=notifications&email_token=AA4SZ3I7C4HZHUBEWB2C2ZDQX62OFA5CNFSM4JZANCVKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEGPWLNY#issuecomment-564094391>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AA4SZ3LAZSBM7YNG6Z22W4TQX62OFANCNFSM4JZANCVA> .

-- -- Paolo Ardoino