diff options
| author | Pablo Fernandez <p@f7z.io> | 2023-10-19 11:04:46 +0300 |
|---|---|---|
| committer | Pablo Fernandez <p@f7z.io> | 2023-10-19 11:40:49 +0300 |
| commit | 3b1d74e116230e7f37effd108536943557633472 (patch) | |
| tree | 8acafc2fd810c467ad11d8a34ee178b90714aa26 /41.md | |
| parent | b3920f76b4f8adde785de785153b49e92be75f35 (diff) | |
update README
Diffstat (limited to '41.md')
| -rw-r--r-- | 41.md | 10 |
1 files changed, 7 insertions, 3 deletions
| @@ -76,13 +76,17 @@ When users who follow the old pubkey see a `kind:1777` event they SHOULD: | |||
| 76 | 76 | ||
| 77 | After validating all these checks clients SHOULD replace the old pubkey in the user's follow list with the new one. | 77 | After validating all these checks clients SHOULD replace the old pubkey in the user's follow list with the new one. |
| 78 | 78 | ||
| 79 | ### Notes | 79 | ## Notes |
| 80 | 80 | ||
| 81 | #### Rational behind the 30 days delay | 81 | ### Rational behind the 30 days delay |
| 82 | This gives enough time for a user to notice a migration request published by an attacker and gives the user enough time to publish a competing migration request pointing to an earlier `kind:1776` whitelisting event. | 82 | This gives enough time for a user to notice a migration request published by an attacker and gives the user enough time to publish a competing migration request pointing to an earlier `kind:1776` whitelisting event. |
| 83 | 83 | ||
| 84 | #### Preventing unpublished evil `kind:1777` attack | 84 | ### Preventing unpublished evil `kind:1777` attack |
| 85 | Clients should keep track of when a `kind:1777` event should take into effect, counting at least 30 days from the time of seeing the event and not trusting the event timestamp. This is to prevent an attacker creating an evil `kind:1776`, its attestation, and a `kind:1777` event with its attestation and not publishing them until the 30 days of the attestation have elapsed. | 85 | Clients should keep track of when a `kind:1777` event should take into effect, counting at least 30 days from the time of seeing the event and not trusting the event timestamp. This is to prevent an attacker creating an evil `kind:1776`, its attestation, and a `kind:1777` event with its attestation and not publishing them until the 30 days of the attestation have elapsed. |
| 86 | 86 | ||
| 87 | #### Preventing poorly-distributed evil `kind:1777` attack | 87 | #### Preventing poorly-distributed evil `kind:1777` attack |
| 88 | Additionally, clients SHOULD broadcast the `kind:1777` events to the relays it normally writes to. This is to prevent an attacker from creating a short-lived NIP-65 relay list where only a subset of users will see an evil `kind:1777` event but not widespread enough for the real owner to notice it. | 88 | Additionally, clients SHOULD broadcast the `kind:1777` events to the relays it normally writes to. This is to prevent an attacker from creating a short-lived NIP-65 relay list where only a subset of users will see an evil `kind:1777` event but not widespread enough for the real owner to notice it. |
| 89 | |||
| 90 | ### Future Work | ||
| 91 | |||
| 92 | Key migration can be done in multiple ways. This is an initial implementation that can work. This mechanism should be extended with other, alternative mechanisms, that can leverage different flows/tradeoffs (e.g. social recovery). \ No newline at end of file | ||