Some questions about SPTPS

Etienne Dechamps etienne at edechamps.fr
Thu Jul 17 20:51:25 CEST 2014


On 17/07/2014 17:45, Guus Sliepen wrote:
>> I get that, but in practice it's not clear how that improves security in any
>> way. In the current state, if you gain control over a node in the middle,
>> you're screwed anyway, even with SPTPS, because the compromised node can
>> easily force you to send your data to it (there are multiple ways to do that
>> I guess - messing with ADD_SUBNET messages sounds like the most obvious
>> one). In fact, if you're not using StrictSubnets the compromise of *any*
>> node results in complete compromise of the entire network (again by sending
>> ADD_SUBNET). I fail to see how SPTPS prevents that.
>
> But if you do use StrictSubnets then SPTPS improves security, and
> improving authorisation of those ADD_SUBNET messages is something for
> 2.0.

Using StrictSubnets *and* strong ADD_SUBNET authentication still doesn't 
prevent a node in the middle from intercepting your communications, 
because you have to trust something at some point. For example the 
middle node could intercept and change the public keys that transit 
through it.

That said, I guess this works if you assume that two nodes that want to 
ensure security will exchange their public keys out-of-band in a secure 
manner to make sure middle nodes can't fiddle with them. Furthermore, it 
also implements an opportunistic "SSH-style" security model where it 
won't protect against tampering the first time you ask for a public key 
using the graph, but it will prevent any further attempt to tamper with 
it once a node has it saved (similar to how SSH host fingerprints work). 
Which is kinda cool, all things considered.

-- 
Etienne Dechamps


More information about the tinc mailing list