Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: fetch_root_key refuses to play along if called on the mainnet #526
base: main
Are you sure you want to change the base?
fix: fetch_root_key refuses to play along if called on the mainnet #526
Changes from 2 commits
d9a0dbf
d7fee85
16f5836
953ce05
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This wouldn't apply in case of an actual man-in-the-middle-attack.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correct. What this is meant to protect against is accidentally fetching the root key on mainnet, which opens the door to the man-in-the-middle attack.
This applies in the case where you are erroneously fetching the root key on mainnet. Prior to this change you won't notice, because everything works: you fetch the root key from mainnet, replace your root key with it (the same key), and go about your day. You shouldn't have, but no harm done, right? It "works" locally, it "works" on mainnet, it "works" on any testnet. It "works" everywhere; there's just one problem...
Then one day, you connect with the agent, only there's been a DNS hack and you connect somewhere else: a man-in-the-middle. You fetch the root key, like you always do. It's not the the IC_ROOT_KEY this time, but you don't notice, and all the signatures check out. You're fallen for the man-in-the-middle attack.
This change is intended to make you notice that you are fetching the root key from mainnet (opening yourself up to this attack) and stop doing that.
Does that make sense?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It does make sense to nudge people not to fetch the root key from mainnet. But if we wanted to make sure that people don't fetch the root key from mainnet, we'd need to take the URL into account.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are other places that look at the URL and later skip the call or flag this as an error. But I wouldn't consider them as making sure, because there are a lot of ways to express the same URL.
This method however does seem like a way of making sure that you aren't blithely calling fetch_root_key against , because if you do, the only time it doesn't notice is if there is a MITM attack going on.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good. Thank you for your explanations!