From 6f5eae0d12ff71e4959c6a5fc636a2efb871aa6f Mon Sep 17 00:00:00 2001 From: Sanaz Taheri Boshrooyeh <35961250+staheri14@users.noreply.github.com> Date: Wed, 11 Aug 2021 12:22:27 -0700 Subject: [PATCH] Clarification about mailserver trust requirement (#450) * clarification about mailservers trust assumption * some revisions * ID/IP * minor fix * updates mail server security considerations --- content/docs/rfcs/6/README.md | 10 +++++++++- content/docs/rfcs/8/README.md | 6 +++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/content/docs/rfcs/6/README.md b/content/docs/rfcs/6/README.md index 243fbdf6..66eff649 100644 --- a/content/docs/rfcs/6/README.md +++ b/content/docs/rfcs/6/README.md 
@@ -472,7 +472,15 @@ Waku currently lacks incentives to run nodes, which means node operators are mor #### Light node privacy: -The main privacy concern with light nodes is that directly connected peers will know that an envelope originates from them (as it are the only ones it sends). This means nodes can make assumptions about what envelopes (topics) their peers are interested in. +The main privacy concern with a light node is that it has to reveal its topic interests (in addition to its IP/ID) to its directed peers. This is because when a light node publishes an envelope, its directed peers will know that the light node owns that envelope (as light nodes do not relay other envelopes). Therefore, the directed peers of a light node can make assumptions about what envelopes (topics) the light node is interested in. + + +#### Mailserver client privacy: + +A mailserver client fetches archival envelopes from a mailserver through a direct connection. +In this direct connection, the client discloses its IP/ID as well as the topics/ bloom filter it is interested in to the mailserver. +The collection of such information allows the mailserver to link clients' IP/IDs to their topic interests and build a profile for each client over time. +As such, the mailserver client has to trust the mailserver with this level of information. #### Bloom filter privacy: diff --git a/content/docs/rfcs/8/README.md b/content/docs/rfcs/8/README.md index a4e484ce..0cd0c733 100644 --- a/content/docs/rfcs/8/README.md +++ b/content/docs/rfcs/8/README.md 
@@ -96,7 +96,11 @@ A mailserver has to be online to receive envelopes for other nodes, this puts a **Mailserver client privacy:** -A mailserver client has to trust a mailserver, which means they can send direct traffic. This reveals what topics / bloom filter a node is interested in, along with its peerID (with IP). +A mailserver client fetches archival envelopes from a mailserver through a direct connection. +In this direct connection, the client discloses its IP/ID as well as the topics/ bloom filter it is interested in to the mailserver. +The collection of such information allows the mailserver to link clients' IP/IDs to their topic interests and build a profile for each client over time. +As such, the mailserver client has to trust the mailserver with this level of information. +A similar concern exists for the light nodes and their direct peers which is discussed in the security considerations of [6/WAKU1](/spec/7). **Mailserver trusted connection:**
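Review bot: In the content/docs/rfcs/6/README.md hunk, the rewritten "Light node privacy" paragraph says "directed peers" three times, where the removed line said "directly connected peers" and the rfcs/8 hunk says "direct peers". "Directed" reads as a different concept, so I suggest "direct peers" (or "directly connected peers") throughout. The new "Mailserver client privacy" section repeats the same four sentences that are added to rfcs/8; consider keeping the text in one spec and linking to it from the other so the two copies cannot drift apart. Minor: "topics/ bloom filter" has a stray space after the slash, and "IP/ID" would be clearer spelled out on first use, since the line removed from rfcs/8 called it "peerID (with IP)".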
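Review bot: In the content/docs/rfcs/8/README.md hunk, the last added sentence links `[6/WAKU1](/spec/7)`: the label names spec 6, and the light node text it refers to is added in content/docs/rfcs/6/README.md, but the target is /spec/7. Please check the path; it looks like it should be /spec/6. The same sentence needs a comma before "which is discussed", and "the light nodes" reads better as "light nodes". It would also help to name the section being referenced ("Light node privacy") rather than only "the security considerations", so a reader can find it.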