How many protection needs the node IDs? Is it save to make them public around the world? Or, should I keep them as secret as possible?
It is possible to get the IP if the global discover is used, isn’t it?
They are not sensitive. Post them on facebook if you like. Given a node ID it’s possible to find the IP address for that node, if global discovery is enabled on it. Knowing the node ID doesn’t help you actually establish a connection to that node or get a list of files, etc.
For a connection to be established, both nodes need to know about the other’s node ID. It’s not possible (in practice) to forge a node ID. (To forge a node ID you need to create a TLS certificate with that specific SHA-256 hash. If you can do that, you can spoof any TLS certificate. The world is your oyster!)
3 Likes
I add this into the unofficial FAQ: https://github.com/jedie/syncthing/wiki/FAQ#should-i-keep-my-node-ids-as-secret-as-possible