zlacker

[parent] [thread] 2 comments
1. d-z-m+(OP)[view] [source] 2024-03-24 19:37:29
That is true as far as it goes, but how does your node learn the public keys of the other nodes in your tailnet? My understanding is that they are provided by the coordination server, so you have to trust that the public key the coordination server gives you is actually the one for your peer device.

Tailnet lock helps mitigate this by requiring that node public keys are signed by a trusted signing node, but it isn't bulletproof.

replies(1): >>Aerbil+TP
2. Aerbil+TP[view] [source] 2024-03-25 04:41:07
>>d-z-m+(OP)
Public key cryptography doesn’t work like that. If you were given wrong public keys you wouldn’t be able to connect to start with.
replies(1): >>d-z-m+EA1
◧◩
3. d-z-m+EA1[view] [source] [discussion] 2024-03-25 13:08:30
>>Aerbil+TP
> Public key cryptography doesn’t work like that

Like what? I'm saying both sides of the connection would be given the wrong public keys by the coordination server. The private keys of which would be held by a MITM.

[go to top]