undefined | Better HN

0 pointstscs379y ago0 comments

>The old content remains visible and online if the private key is leaked, afaik.

The problem is that content that is not access becomes garbage collected and that links and listings will most likely not point towards the hash itself and instead at the IPNS entry.

It doesn't have much more protection than a DNS entry if the private key is stolen; you could use the last known IP but it's not very practical and might eventually become dead if the IP changes.

In the same way, the old content may remain online after an attacker takes over and people could continue using it but it only remains online if people are using it. If the attack remains unknown for long enough there is no previous version IIRC.

>I think there was some discussion about having there be a chain

Still same problem, if the private key gets leaked, a malicious attacker can manipulate the entries on the chain.

The real solution is something like Swarm or Filecoin where Users can actually encourage keeping old versions around, something IPFS lacks atm. Theoretically any IPFS link can become dead once it's no longer used, which is a problem.

Merely putting the entries on chain solves little, you need to actually encourage archiving of data to get resilient against attacks.

Even then, you would also need some sort of PKI, where someone can set a master key which authorizes other nodes to manipulate content and can also revoke that. This allows to easily fight off attacks based on leaked private keys.

However, the PKI should remain largely private, not much different to Bitcoin Cold and Hot Wallets.

0 comments

3 comments · 1 top-level

IanCal9y ago· 2 in thread

I'm not sure what attack you're talking about then. If someone steals my key and points my IPNS location to a new file, I'd likely still be hosting the files right?

> you need to actually encourage archiving of data to get resilient against attacks.

Yes, but this feels like a distinct issue. Neither of these things are enough on their own (encouraging mirrors or providing the tech to distribute the hosting).

tscs37OP9y ago

>I'd likely still be hosting the files right?

Yes but the entire web points to the wrong files since you no longer own the IPNS location.

It's similar to loosing access to your DNS configuration or loosing your GPG keys to an attacker.

IanCal9y ago

> Yes but the entire web points to the wrong files since you no longer own the IPNS location.

Along with a link to all previous versions if there's a chain. And anyone pointing to a specific version will still see that rather than the new one.

> It's similar to loosing access to your DNS configuration

Yes.

> or loosing your GPG keys to an attacker.

I think that's a bit strong.

> >I think there was some discussion about having there be a chain

> Still same problem, if the private key gets leaked, a malicious attacker can manipulate the entries on the chain.

I'm really not sure that's right, IPNS doesn't give you the ability to edit content.

1 more reply

j / k navigate · click thread line to collapse