My understanding is that the signaling server could be used as the perfect place to perform MITM attack. The README does not mention how berb addresses this concern at all.
Oh I would love some more details if you think that's the case. With Berb only two clients can connect really. So let's say you somehow guess a peer ID, which is very tough, and connect to a random user. You can technically send a file but they can easily ignore it since they didn't initiate the transfer. That being said, I can definitely add a way to verify the file is legit like the suggestion in the reply with hashes.
Should users trust the signaling server? IIRC, the signaling server can easily intervene SDP offer/answer so that it can intercept user files or instruct users to send files wherever it wants.
goodpanda|9 months ago
unknown|9 months ago
[deleted]
howtofly|9 months ago
notpushkin|9 months ago