Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

addressing: Specify security protocols in multiaddr #353

Open
wants to merge 13 commits into
base: master
Choose a base branch
from
Open

addressing: Specify security protocols in multiaddr #353

Changes from 3 commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
b6d4ff4
addressing: describe multiaddrs containing the security protocol
marten-seemann Jul 25, 2021
13fa147
apply @mxinden's suggestions from code review
marten-seemann Jul 26, 2021
35ccd7c
add missing 'not'
marten-seemann Jul 26, 2021
c8b3b09
add paragraph about hard-coded multiaddrs
marten-seemann Jul 26, 2021
85f80ca
connections/: Adjust to multiaddr change
mxinden Jul 27, 2021
c01af99
*: Address security-protocol-in-multiaddr and relay conflict (#359)
mxinden Aug 12, 2021
6d8004e
addressing/: Link to circuit relay v2 addressing section
mxinden Aug 30, 2021
3c1487a
*: Rename p2p-circuit-inner to p2p-circuit-security
mxinden Oct 4, 2021
90bef6f
relay/circuit-v2: Move /p2p/QmTarget to the end of Multiaddr
mxinden Oct 4, 2021
4de35ef
relay/circuit-v2: Fix misconception on passive relaying
mxinden Oct 4, 2021
8807a12
relay/circuit-v2: Bump spec version
mxinden Oct 29, 2021
bb3c4f9
relay/circuit-v2: Omit address of relay in HopMessage
mxinden Oct 29, 2021
128e76d
relay/circuit-v2: Use source and destination in StopMessage
mxinden Oct 29, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 27 additions & 0 deletions addressing/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -147,6 +147,33 @@ within it. Using our example above, decapsulating either `/tcp/1234/ws` _or_
unsurprising if you consider the utility of the `/ip4/7.7.7.7/ws` address that
would result from simply removing the `tcp` component.

### The multiaddr security component

Peers MAY advertise their addresses without a security protocol, e.g.
`/ip4/6.6.6.6/tcp/1234/` or `/ip4/6.6.6.6/udp/1234/quic`. The security handshake
protocol is then negotiated using [multistream-select](../connections/README.md#multistream-select). This is
the way the libp2p handshake worked until mid 2021.
This poses a security problem, as the negotiation was not authenticated and
therefore susceptible to man-in-the-middle attacks. A MITM could modify the list
of supported handshake protocols, thereby forcing a downgrade to a (potentially)
less secure handshake protocol. Note that since QUIC is standardized to use
TLS 1.3, no handshake protocol needs to be negotiated when using QUIC.

Peers SHOULD encapsulate the security protocol in the addresses they advertise,
mxinden marked this conversation as resolved.
Show resolved Hide resolved
for example `/ip4/6.6.6.6/tcp/1234/tls` for a TLS 1.3 server listening on TCP
port 1234 and `/ip4/6.6.6.6/tcp/1235/noise` for a Noise server listening on TCP
port 1235. QUIC multiaddrs remain unchanged.
mxinden marked this conversation as resolved.
Show resolved Hide resolved
The nodes jump straight into a cryptographic handshake, thus curtailing the
possibility of packet-inspection-based censorship and dynamic downgrade attacks.
This also applies to circuit addresses: the security protocol is encoded in the
`<destination address>` as defined in [`p2p-circuit` Relay Addresses](#p2p-circuit-relay-addresses).

marten-seemann marked this conversation as resolved.
Show resolved Hide resolved
Implementations using [Protocol Select](https://github.com/libp2p/specs/pull/349/)
(**TODO**: update link) MUST encapsulate the security protocol in the multiaddr.
Note that it’s not valid to assume that any node that encapsulated the security
mxinden marked this conversation as resolved.
Show resolved Hide resolved
protocol in their multiaddr also supports Protocol Select.


### The p2p multiaddr

libp2p defines the `p2p` multiaddr protocol, whose address component is the
Expand Down