Discovery server is just a map of where stuff is, no data is moved over it.
I'm afraid I don't understand your reasoning @Eddy2909. On the one hand you're touting the vulnerability of the discovery server and fretting over what would happen if it was compromised. On the other hand, you're suggesting letting anyone host a discovery server and allowing members of the community to easily find them, thus allowing a very easy way of luring people into using compromised discovery servers… So, which is it?
Let me write up what's (probably) happening with the disco protocol in v0.12, as it's kind of relevant. Basically, it's spoken over HTTPS (TLS) instead of raw UDP. The reason for this isn't mostly security, but compatibility [1], but it does buy us some extra security:
- The server authenticates the client using its certificate, same as sync connections. This means you can only "announce" your own device ID, not anyone else's.
- The client authenticates the server using its certificate, normal HTTPS style. This removes the possibility of faking or man-in-the-middling a discovery server.
- The client does queries against the server over HTTPS, so it's not visible from the outside what device IDs are queried for.
However, I don't see any real possibility of keeping this information from the server, which seems to be the concern here.
A DHT (for example) would buy us decentralization (protection against the normal discovery servers going down), but it would do nothing to protect you from prying eyes and would more easily allow manipulation.
[1]: With firewalls and whatnot. The end game here is that as long as you can make outgoing TCP connections to port 443, you can speak to both discovery and relays, and thus anyone else in the same situation.
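To illustrate the first bullet (why a client can only announce its own device ID once the server has authenticated its certificate), here is an added example that is not part of the original post or of Syncthing's code. It models Syncthing's device-ID scheme as publicly documented (SHA-256 of the DER certificate, base32, one Luhn mod-32 check character per 13-character group, 7-character dashed groups); the TLS handshake itself is assumed to have already delivered the client's certificate bytes, and the certificate bytes used below are constructed placeholders, not a real certificate.

```python
import base64
import hashlib

# RFC 4648 base32 alphabet; Luhn check characters are computed over its indices.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def luhn_base32_check(data: str) -> str:
    """Luhn mod-32 check character for one 13-character group."""
    factor, total = 1, 0
    for ch in data:
        addend = factor * ALPHABET.index(ch)
        factor = 1 if factor == 2 else 2
        total += addend // 32 + addend % 32
    return ALPHABET[(32 - total % 32) % 32]


def device_id_from_cert(cert_der: bytes) -> str:
    """Device ID bound to a certificate: SHA-256 -> base32 -> check chars -> dashes."""
    b32 = base64.b32encode(hashlib.sha256(cert_der).digest()).decode().rstrip("=")
    with_checks = "".join(
        b32[i:i + 13] + luhn_base32_check(b32[i:i + 13]) for i in range(0, 52, 13)
    )
    return "-".join(with_checks[i:i + 7] for i in range(0, 56, 7))


def validate_device_id(device_id: str) -> bool:
    """Syntactic check: 56 base32 characters whose four check characters are right."""
    raw = device_id.replace("-", "").upper()
    if len(raw) != 56 or any(c not in ALPHABET for c in raw):
        return False
    return all(luhn_base32_check(raw[i:i + 13]) == raw[i + 13] for i in range(0, 56, 14))


def accept_announce(client_cert_der: bytes, claimed_id: str) -> bool:
    """Server side: accept an announce only for the ID derived from the presented cert.

    A client that is not holding the private key for a certificate cannot complete
    the TLS handshake with it, so it cannot get this function to accept that cert's ID.
    """
    return validate_device_id(claimed_id) and claimed_id == device_id_from_cert(client_cert_der)


if __name__ == "__main__":
    # Constructed placeholder "certificates"; real ones would be DER-encoded X.509.
    mine, theirs = b"constructed cert A", b"constructed cert B"
    print(device_id_from_cert(mine))
    print(accept_announce(mine, device_id_from_cert(mine)))    # True
    print(accept_announce(mine, device_id_from_cert(theirs)))  # False: not my cert
```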
would you give your ids to me?
I know
they wouldn't be - even if - data would be unreadable
the point is to get the best of "both worlds": encrypted id:ip db (if it's possible) and decentralization
did not get that
some other ideas:
is the discosrv kind of DDoS-secured, or could this be done by, let's say, fail2ban?
was already discussed: random device invitation / device spamming
They're in many screenshots I've posted, but here's a pasteable version:
4OODCIS-RBMFWYK-2NNWTGG-5JQTOQJ-QIGM5CE-2UMYWIP-N6TVOVR-INAN3Q5
P56IOI7-MZJNU2Y-IQGDREY-DM2MGTI-MGL3BXN-PQ6W5BM-TBBZ4TJ-XZWICQ2
AFQDMYL-2JNH6RL-V4I5KLX-M7RFGEJ-ASQDZWA-TWGEP3Z-KAQINKM-WTNYIAH
Wow that was annoying to do on mobile. Note that is more info than you'd get from the server - the server wouldn't tell you they're mine, just that they exist.
Not really. It handles what it can, but hit me with a few Gbps and it's offline. Please don't, there's other stuff on that connection.
If it happens, we'll handle it. I think we're still some way away from "$randomdevice wants to share the folder 'Cheap V1agra - call 1-555-1234' with you", and when we are we've obviously won at something.
You keep saying that but I still don't understand what that means.
I couldn't
Neither do I, whatever it could mean: it keeps curious eyes away
btw: the idea came up when my rpi was offline for some reason (I think it was a vulnerable bind9 instance)
You keep throwing this word encrypted like it's salt without understanding how the internals work. If you encrypt the device id, how does some other device know what to ask for if everything is encrypted?
Did I suggest that? Don't think so… And I don't know much about the internals… now everyone knows
Can't tell you, I'm not a developer - but maybe there is a way for you
Thinking about this over dinner, a compromised / malicious discovery server could quite happily map out networks of devices, by looking at who's asking after whom. Someone could find the IP of the server hosting my website, figure out the device network which included that server, and figure out e.g. who my employer is. That's not a problem right now: I trust the syncthing devs or I wouldn't be running their software in the first place.
I'm not entirely sure how this could be mitigated, or even if it's worth mitigating for the vast majority of users. Certainly saying "Add encryption!.. You can figure out the details" isn't going to help much!
I would instantly, if I was able to…
I do too
Did I do that? hopefully not
I'll say this one last time. Encryption WILL NOT HELP because the information being transferred has to be understood by both server and client: there's no way to hide its "true meaning" from either.
By all means state your concerns, but if you don't understand how things work you cannot make suggestions on how those issues are solved (if they are issues at all…).
??? I'll better leave this uncommented. Means this forum is only for developers and NOT for ideas? Well then I'm out…
By all means you can have ideas, but it's a bit like if you were driving a car and I suggested removing the fuel tank because they're known to cause fires… It's not helpful. Everyone who understands that cars need fuel to work knows that it's unhelpful.
We can tell you straight away that it's an unworkable suggestion: that's the point at which you stop suggesting it
By all means state problems ("fuel tanks explode" or "discovery servers can be compromised"), but you are not qualified to tell the devs what the solutions are ("remove the fuel tank" or "add encryption").
Anyway, there are some imo interesting things being discussed in this thread: let's concentrate on those… Although the topic has changed somewhat from "let's create a network of unofficial discovery servers" to "let's restrict what discovery servers can know".
whatever. Just wanted to throw in the idea of decentralized discos and securing them - but not to let me piss off before going to bed…
Again, by all means state problems ("discovery is centralised and that might be a bad thing…"), but listen to us when we try and explain that it's more complex than "go distributed" and "add encryption".
Well I do listen to you. But I can't figure out what you insinuate by saying "go distributed" and "add encryption". Didn't do that - if so: sorry. I just spoke about encryption without having a closer look. For your comparison: would you remove your tank? No you wouldn't, right? And that's fine if there is no reason…
And maybe there is another way to secure id&ip than by encryption. And please don't comment on this again. IT IS JUST AN IDEA OF A NON-DEVELOPER!! | irony off
Right, I think we ran out of things to discuss. Back to the original topic, if you want to share your global discovery server with others, just post it on the forum, there is no need for an additional site.