Safely discovering which workspaces you have in common with another peer (without disclosing the others) about earthstar HOT 2 CLOSED

Problem

The above protocol is safe against MitM, but once both peers know which workspaces they have in common they will start syncing them in plaintext with each other. At that point a MitM will observe the actual workspace address (and actual data).

An example attack is: "Hey everyone, use my cool pub https://totally-safe-pub.com. It definitely is not just a proxy that forwards your requests to an actual pub in order to learn the names of your workspaces!! Look it's https, very safe"

Solution

Right now when our peers talk, in general, they don't authenticate or know the identity of each other.

I think we need to do a secure key exchange like secret-handshake which identifies the peers to each other.

This means each peer needs to have a keypair.

For regular peers: I think it's ok for secret-handshake to re-use the same author keypair across multiple devices?

For pubs: we'll have to generate keypairs for them, and... trust on first use, or add them into the pub URL?

BTW, I don't want to start treating pubs as part of the human social graph like SSB does. Earthstar doesn't even have a social graph actually!

from earthstar.

Other solutions

Once we have these two...

• #7 Invite Only Workspaces (limited people can write to a workspace)
• #11 or #49 Encrypted Documents (limited people can decrypt/read)

...it won't matter as much if random people learn your workspace address.

In the long run that's probably a better and safer approach -- encrypt the actual data instead of just encrypting the transport using secret-handshake.

Also, to clarify: in the proposed algorithm, a MitM can only learn of the workspaces the two peers have in common, not the ones that are unique to one side.

from earthstar.