
goodpanda | 9 months ago

Oh I would love some more details if you think that's the case. With Berb only two clients can connect really. So let's say you somehow guess a peer ID, which is very tough, and connect to a random user. You can technically send a file but they can easily ignore it since they didn't initiate the transfer. That being said, I can definitely add a way to verify the file is legit like the suggestion in the reply with hashes.


howtofly | 9 months ago

Should users trust the signaling server? IIRC, the signaling server can easily intervene in the SDP offer/answer so that it can intercept user files or instruct users to send files wherever it wants.

goodpanda | 9 months ago

Oh I see what you are saying. Yeah I guess if we didn't know what the signalling server was doing, that would be a valid argument. But in my case we can see the server code is pure and simple. Unless you mean there's a bug that allows an attacker to do that?

Either way, would love to know your thoughts on improving trust with this.
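
The concern raised in this thread is a signaling server rewriting the SDP offer/answer. The following is an added example, not part of the thread and not Berb's code: it checks the DTLS certificate fingerprint (`a=fingerprint`, RFC 8122) in a received SDP against a value the peer supplied over a separate channel, before the SDP is applied. The function names, the out-of-band exchange, and the sample SDP are assumptions constructed for illustration.

```javascript
// Constructed sample data: 32-byte (sha-256 sized) fingerprints, not taken from any real session.
const fp = (byte) => Array(32).fill(byte).join(":");
const PEER_FP = fp("A1");   // value the real peer reads out over a separate channel
const SERVER_FP = fp("0F"); // value a tampering signaling server would substitute

// Build a minimal data-channel SDP with optional session- and media-level fingerprints.
const makeSdp = (sessionFp, mediaFp) => [
  "v=0",
  "o=- 1 2 IN IP4 127.0.0.1",
  "s=-",
  "t=0 0",
  sessionFp && `a=fingerprint:sha-256 ${sessionFp}`,
  "m=application 9 UDP/DTLS/SCTP webrtc-datachannel",
  "c=IN IP4 0.0.0.0",
  mediaFp && `a=fingerprint:sha-256 ${mediaFp}`,
  "a=setup:actpass",
  "a=sctp-port:5000",
].filter(Boolean).join("\r\n") + "\r\n";

// Collect every a=fingerprint line, recording whether it is session- or media-level.
function extractFingerprints(sdp) {
  const found = [];
  let scope = "session";
  for (const line of sdp.split(/\r?\n/)) {
    if (line.startsWith("m=")) scope = line.slice(2).split(" ")[0];
    const m = /^a=fingerprint:(\S+)\s+([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)\s*$/.exec(line);
    if (m) found.push({ scope, hash: m[1].toLowerCase(), value: m[2].toUpperCase() });
  }
  return found;
}

// Run on the received SDP before setRemoteDescription(). Every fingerprint must match,
// because a media-level line overrides the session-level one.
function checkRemoteSdp(sdp, expectedHash, expectedValue) {
  const fps = extractFingerprints(sdp);
  if (fps.length === 0) return { ok: false, reason: "no fingerprint in SDP" };
  const want = expectedValue.toUpperCase();
  const bad = fps.find((f) => f.hash !== expectedHash.toLowerCase() || f.value !== want);
  return bad
    ? { ok: false, reason: `fingerprint mismatch at ${bad.scope} level` }
    : { ok: true, reason: "all fingerprints match" };
}
```

The check only helps if the expected fingerprint travels over a path the signaling server does not control, for example read aloud on a call or compared on both screens.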