Hi Jacki, Thanks for your quick response. I wanted to clarify the goals and scope of my project to help discussion. My goal is to have a fully decentralized and private email system, while also aiming to introduce non-technical users to GNUnet. Eventually, I want to build a system that can operate without the Internet and withstand hostile environments.
There are two key properties I want to achieve with this project. First, I want to ensure strong privacy guarantees for both the sender and receiver of messages. Second, I want to enable communication between parties who may not be online simultaneously. After reading the messenger service API and briefly the service source code, From my understanding, the messenger service is a server/client architecture and uses CADET for message transport. It functions similarly to IRC but on GNUnet. My concerns with CADET is that it doesn't offer the desired privacy level. Mainly from the lack of onion routing. Once a CADET connection is established, both the server and client are aware of each other's peer (node) identity. It's relatively easy to obtain the counterpart's IP address via gnunet-peerinfo. Even if the counterpart is not a direct peer but connected through a series of GNUnet nodes. I think it's still not overly hard to extract the physical location from CADET's channel path. This poses threats for situations like the user is a journalist operating in a hostile environment. If the node hosting the room is hacked or if someone discovers the peer ID, the user's location could be exposed. In such cases, users would be better off hiding their IP connected to GNUnet using Tor, which defeats the purpose of utilizing GNUnet in the first place. Instead, I planned for my system to send messages by first publishing a short-lived, encrypted version to the FS. Then, using the DHT as a mailbox to notify the recipient that new messages are available. This approach ensures that neither the sender nor the receiver is aware of each other's peer identity, yet they can retrieve messages using their respective egos. While this method introduce higher latency compared to CADET, I believe it's an acceptable tradeoff for the enhanced privacy. There are additional complexities involved in scenarios where the receiver remains offline for extended periods and the sender goes offline after sending, but I won't delve into those details now. Any flaws you can think of in this design? Additionally, I'm curious to know if you think my validate-block-by-dht-service approach is viable. I believe it has the potential to prevent attacks more effectively, rather than relying solely on DHT neighbors behaving and not leaking the mailbox key. It could also help securing GNS its ground. Best regards, Martin ------- Original Message ------- On Sunday, May 28th, 2023 at 9:15 PM, thejackimons...@gmail.com <thejackimons...@gmail.com> wrote: > Hi Martin, > > the GNUnet messenger service technically allows receiving messages > afterwards already. Nodes in a groupchat or direct chat can request > missed messages from each other. I agree that it makes more sense to > deliver messages via a mailbox in the DHT in some cases. > > Maybe that ability could be integrated into the messenger service > rather than implemented as another separate option? > > This might also help with your problem because the messenger service > has its own mechanism in place to exchange EGO public keys with the > contacts in a chat. So these are known inside a chat. > > We could even add a new message type to register a specific place in > the DHT as mailbox for messages the contacts could check. That might > also help to prevent attackers from flooding the DHT using the specific > keys. > > What do you think? > > Best regards, > Jacki > > On Sun, 2023-05-28 at 09:17 +0000, marty1885 wrote: > > > > Hi, > > > > > > I've been working on my own to build a private messaging system on > > > GNUnet (just for fun, as a hobby project). It's not exactly the > > > same > > > as libgnunetchat. My goal is to create a system that works like > > > email > > > and supports message delivery even when the receiving node is > > > offline. > > > No working code yet, just designing and building my C++ binding. > > > The > > > binding is available on my GitHuib > > > (https://github.com/marty1885/gnunetpp). > > > > > > After iterations of design and failing. I realized a challenge when > > > Alice sends a message to Bob while Bob is offline. Bob needs to > > > publish his encryption public key on DHT under the hash of his > > > Ego's > > > public key `hash(bob_ego_pk)`. However, attackers who know Bob's > > > ego > > > can flood the DHT with garbage data, making it difficult for Alice > > > to > > > find the actual record. Since the DHT functions as a plain key- > > > value > > > store, there's no way to prevent attackers from doing so. > > > > > > I want to add a few self-authenticating blocks that all nodes > > > validate > > > and do not propagate or store if the validation fails. This way, > > > attackers won't be able to spam garbage data in the hopes of hiding > > > Bob's public key. Even if they try, other nodes around them will > > > see > > > the invalid messages and stop the attack right there. This > > > validation > > > process is similar to how CADET validates messages before sending > > > or > > > receiving. After reading the DHT source code, it seems that it only > > > validates the HELLO messages. Also, the current DHT block types are > > > quite specific besides the TEST block. I believe GNUnet could > > > benefit > > > from having blocks that can store generic messages. > > > > > > Could someone point me in the right direction to get started? I > > > understand that in order to contribute, I'll need to sign the PDF > > > and > > > send an email to GANA to add the types. Is there anything else I > > > should do? I've attached some preliminary details, in case they are > > > helpful. > > > > > > Best regards, > > > > > > Martin > > > > > > ================================= > > > > > > I would like to introduce two new block types: SELF_HASH and > > > ECDSA_SELF_SIGNED. SELF_HASH functions similarly to how the FS > > > block > > > works. In SELF_HASH, the DHT key must be the hash of the entire > > > block. > > > This block type is useful for sharing anonymous public messages > > > while > > > preventing attackers from overwhelming it. > > > > > > ECDSA_SELF_SIGNED works similarly to GNS's block. The structure of > > > the > > > message would look like the following: > > > > > > > > ----------|------|----------...--------------|------------| > > > > > > ECDSA-PK TOPIC message SIG > > > > > > SIG represents the ECDSA signature of all the preceding bytes, > > > including the PK and the topic. This block type must be published > > > under HMAC(PK, TOPIC). This block allows Egos to publish > > > information. > > > > > > For both block types, it's possible to add an extra layer of > > > indirection and encryption for better privacy and security. I have > > > omitted them to keep the explanation simple. > > > > > > Also I understand that this could be achieved by using the GNS as a > > > key-value store. But that seems excessive and just not right. > > > > > > Or maybe I should just publish GNS blocks and let GNS do the > > > filtering?
