mailserver security considerations, stumps and elaborate a few

Oskar Thoren 2019-08-29 14:34:47 +02:00
parent 25989d65d7
commit 27bc6148c4
No known key found for this signature in database
GPG Key ID: B2ECCFD3BC2EF77E
1 changed files with 20 additions and 0 deletions

@ -31,4 +31,24 @@ TBD.
## Security considerations
### Confidentiality
All Whisper envelopes are encrypted, and a mailserver node can't inspect their contents.
### High-availability
Since mailservers rely on being online to receive messages on behalf of other clients, this puts a high-availability requirement on individual nodes.
In practice, it is best to treat individual nodes as a form of a cache, and ensure consistency of messages at a different layer. See data sync layer.
### Altruistic and centralized operator risk
TBD.
### Privacy concerns
In order to use a mail server, a given node needs to connect to it directly, i.e. add the mail server as its peer and mark it as trusted. This means that the mail server is able to send direct p2p messages to the node instead of broadcasting them. Effectively, it knows which topics the node is interested in, when it is online as well as many metadata like IP address.
### Denial-of-service
TBD.
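
Review bot: Under "### Confidentiality", the sentence "a mailserver node can't inspect their contents" reads as a blanket guarantee, while "### Privacy concerns" in the same hunk says the mailserver learns which topics a node is interested in, when it is online, and its IP address. Suggest scoping the confidentiality claim to envelope contents and pointing to "Privacy concerns" for the metadata exposure, so the two sections are not read as contradicting each other. Under "### High-availability", "See data sync layer." has no link or section reference, so a reader cannot tell which document is meant; please add one. In "Privacy concerns", "many metadata like IP address" would read better as "other metadata such as its IP address".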