[bisq-network/bisq] Bisq 2: Security Module Review (Discussion #5944)
chimp1984
notifications at github.com
Fri Dec 31 05:13:13 CET 2021
Thanks for the review!
To your questions:
1. No specific reason. We can change to what you recommend.
2. Yes that is the plan. Each offer will have its key pair. If the user supports multiple networks it gets published on those networks. If a taker contacts the maker they will use the same pub key independent of the network.
3. The user will have the choice between maximal privacy (each trade use a new key pair) or make trade offs to gain other features like the local reputation (e.g. use one global key pair for all trades, or one key pair for all fiat trades, another for all altcoin trades...).
4. Clear-net is the third network type we support (next to Tor and I2P). For traders it will makes probably no sense to use it, but for some network nodes like seed nodes it might have some limited usefulness: To have faster and more reliable connections thus syncing data in the network better. If we find some more meaningful use case like for instance for mobile apps connecting to a relay node we would need some security layer for that as well. I left it out so far to reduce complexity, but could be added if we see a need.
5. I looked a bit into it but was not clear how to use it. Could you make a prototype for the encryption scheme using the noise protocol framework?
6. Good point. Maybe the noise protocol framework does support that as well?
Yes would be great if you can take over that part! I am not a cryptographer...
Regarding the `deriveKeyMaterial` method: It was an attempt to derive 2 keys from the shared key, but probably not a good one... feel free to replace it with some more standard way how to do that.
--
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/discussions/5944#discussioncomment-1890294
You are receiving this because you are subscribed to this thread.
Message ID: <bisq-network/bisq/repo-discussions/5944/comments/1890294 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20211230/927eb2e5/attachment-0001.htm>
More information about the bisq-github
mailing list