fiatjaf 5 days ago

Unfortunately this paper doesn't live up to its goal of being a cheap attack on Nostr.

The fact is that clients do verify signatures from events received from servers, that is in the protocol specification and should be obvious to anyone mildly honest.

The entire assumption of the paper is that clients don't do that and it is void. Yes, they did find a couple of clients 2 years ago that didn't verify signatures -- so much for a vulnerability in the protocol. I guess they wanted Nostr to have a code police arresting client developers who didn't finish their implementation?

Aside from that the attacks they demonstrated depend on a bunch of other absurd circumstances (like you have to manually and voluntarily type the URL of the attacker server in order to be attacked) but it's not even worth talking about them since the basic assumption is so completely false already.

The encrypted messages stuff is not even a core part of Nostr anyway; Nostr is a broadcasting protocol for public or semi-public content. Encryption can be added on top, and there are multiple ways and proposals for how to do it, including an implementation of MLS and other methods, and I personally mostly do not care about any.

I wish the paper authors were more honest and republished their work with the title: "the dangers of trusting a cryptographic signature without verifying it", but I imagine that it would have been too obvious and worthless if it was phrased like that.

tptacek 5 days ago

They're academic cryptography researchers. They do not care what messaging system you use. This is what academic messaging cryptography papers look like; a paper like this is why Matrix transitioned (is transitioning?) from ad hoc cryptography to MLS.

mediumsmart 3 days ago

Thanks for clearing up that the issue is academic, as in irrelevant concerning Nostr.