Opened 4 years ago

Closed 4 years ago

#1475 closed defect (duplicate)

Bote P2P update mechanism

Reported by: user Owned by:
Priority: maintenance Milestone: undecided
Component: apps/plugins Version: 0.9.17
Keywords: Cc:
Parent Tickets:

Description

While checking for updates from the eepsite is secure as it is authenticated, it depends on the eepsite being up at the moment of checking.

It would be desirable not to depend on that at all, and rather get a valid new version from any peer that has it. A valid version is one signed by a trusted developer. This need not even be only one. That way, you can install HH's Bote releases or str4d's without having to insinstall.

A trusted Bote dev could release a new version by simply giving it a higher version number (to prevent abuse it could even be limited to version = timestamp in unixtime), signing it, and deploying it on one router.

  • Each bote node advertises the version it has and the hash of the update file as a signed record of versionNumber + " " + fileHash + " " + trustedSigner.
  • Each bote node upon receiving an announce from a connected peer checks validity:

    if (advertised_timestamp > local_timestamp &&
        advertised_timestamp < current_time &&
        is_trusted(signer) && isAuthentic(record, signer)) {
        // fetch the file only after the signed record has been validated
        updateFile = getUpdateFile_from_peer();
        // record = versionNumber + " " + fileHash + " " + trustedSigner
        int i = record.indexOf(" ");
        verifiedFileHash = record.substring(i + 1, i + 1 + hashLength);
        if (somechecksum(updateFile).equals(verifiedFileHash)) {
            installUpdate(updateFile);
        }
    }
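The announce check sketched in the description, written out as an added example (not part of the ticket and not I2P-Bote code). It assumes ECDSA over SHA-256 for the record signature, a lowercase hex SHA-256 as fileHash, and Java 17 or later; the class, method and signer names and all sample values are hypothetical and constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class UpdateAnnounceCheck {   // hypothetical class name
    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }
    static String sha256Hex(byte[] data) throws GeneralSecurityException {
        return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(data));
    }

    // Record layout from the ticket: versionNumber + " " + fileHash + " " + trustedSigner
    static boolean accept(String record, byte[] sig, byte[] updateFile, long localVersion,
                          long now, Map<String, PublicKey> trusted) throws GeneralSecurityException {
        String[] f = record.split(" ", -1);
        if (f.length != 3 || !f[0].matches("\\d{1,18}")) return false;   // exactly three fields
        long advertised = Long.parseLong(f[0]);
        if (advertised <= localVersion || advertised >= now) return false; // newer, not from the future
        PublicKey key = trusted.get(f[2]);   // key comes from the local trust store, never from the peer
        if (key == null) return false;
        Signature v = Signature.getInstance("SHA256withECDSA");   // assumed signature scheme
        v.initVerify(key);
        v.update(utf8(record));              // the signature covers version, hash and signer name
        try {
            if (!v.verify(sig)) return false;
        } catch (SignatureException e) {
            return false;   // malformed signature bytes from a peer are a rejection, not a crash
        }
        // Constant-time comparison of the signed hash against the hash of the fetched file.
        return MessageDigest.isEqual(utf8(sha256Hex(updateFile)), utf8(f[1].toLowerCase()));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        KeyPair dev = kpg.generateKeyPair();   // constructed test key
        byte[] file = utf8("constructed update payload");
        String record = "1700000000 " + sha256Hex(file) + " devA";   // constructed record
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(dev.getPrivate());
        s.update(utf8(record));
        byte[] sig = s.sign();
        Map<String, PublicKey> trusted = Map.of("devA", dev.getPublic());
        long now = 1700000500L, local = 1600000000L;
        System.out.println("valid announce:   " + accept(record, sig, file, local, now, trusted));
        System.out.println("modified file:    " + accept(record, sig, utf8("modified payload"), local, now, trusted));
        System.out.println("not newer:        " + accept(record, sig, file, 1700000000L, now, trusted));
        System.out.println("untrusted signer: " + accept(record, sig, file, local, now, Map.of()));
    }
}
```

Only the first call is accepted; the other three are rejected by the hash comparison, the version comparison and the trust-store lookup respectively.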

Subtickets

Change History (1)

comment:1 Changed 4 years ago by user

  • Resolution set to duplicate
  • Status changed from new to closed