Namecoin Local PGP Keyserver Plugin

Re: Namecoin Local PGP Keyserver Plugin

Post by biolizard89 »

Some preliminary review:

https://github.com/phelix/npkh/blob/8c8 ... er.py#L208

It's not immediately obvious to me what the purpose of idFprs is. Is this a cache of some kind? Maybe add some comments explaining this.

https://github.com/phelix/npkh/blob/8c8 ... er.py#L212

It's not immediately obvious what the threat model of proxy_to_standard_pks is. It looks to me like this function assumes that the caller is responsible for verifying the authenticity of the data returned by the remote keyserver. Is that correct? Maybe add some comments about this.

https://github.com/phelix/npkh/blob/8c8 ... er.py#L231

It's not immediately obvious to me what searchFpr will contain. It looks like this might be a caching mechanism but I'm not certain. Adding some comments about this would be helpful.

https://github.com/phelix/npkh/blob/8c8 ... thproxy.py

It looks like you're distributing a copy of https://github.com/jgarzik/python-bitcoinrpc . Is that correct? I'd be more comfortable if there were instead a dependency on the original version, so that users don't have to audit whether your version is identical to Jeff Garzik's version.

I'll post some additional review later.

Cheers!
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

Re: Namecoin Local PGP Keyserver Plugin

Post by biolizard89 »

More review (based on what GitHub says is Git commit 8c86d534ec0c40403ceb6bef66990f43e957d5c6)

https://github.com/phelix/npkh/blob/mas ... dler.py#L7

I'm fine with this legacy workaround, since Bottle 0.13 isn't in Debian Stretch right now.

Generally speaking, it is difficult to follow the intended flow of the code for common use cases (e.g. looking up an id/ identity). It would probably be helpful to add a comment block at the top of the file that summarizes the intended flow.

The feedback I've given so far is mostly related to auditability. I'm probably not going to try to audit the code further until the requested auditability requests are addressed. Once they are addressed, I will continue reviewing.

Cheers!

Re: Namecoin Local PGP Keyserver Plugin

Post by phelix »

Updated!
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

Re: Namecoin Local PGP Keyserver Plugin

Post by biolizard89 »

According to https://github.com/phelix/npkh/blob/a3e ... dler.py#L9 , keys are usually requested in 2 steps: an "index" operation (which converts text to a fingerprint) and a "get" operation (which retrieves a key for a given fingerprint).

However, at https://github.com/phelix/npkh/blob/a3e ... er.py#L335 the tests for the "get" operation are looking up by text rather than by fingerprint. It's not clear to me why this is the case. Furthermore, it seems to me that this usage will violate the security assumption "The integrity of the returned data will be validated externally in GPG (e.g. verifying that a key matches a long fingerprint).". Can this apparent discrepancy be clarified?

Re: Namecoin Local PGP Keyserver Plugin

Post by phelix »

Yes, a "get" operation with a Namecoin ID would only work with a client aware of the local server and Namecoin IDs.

The note at the top just means that the script itself will not check that returned keys match the fingerprint in the request, in favor of one less dependency. It would be quite easy to do it though; see the comment and commented-out implementation code following line 93. Every sane handling of requesting a key would check this, I guess, but I wanted to be clear about it.

Re: Namecoin Local PGP Keyserver Plugin

Post by phelix »

Update! Yay! You can play on the command line now, too!

https://github.com/phelix/npkh

biolizard89 wrote (Sun Mar 04, 2018 11:07 am):
> According to https://github.com/phelix/npkh/blob/a3e ... dler.py#L9 , keys are usually requested in 2 steps: an "index" operation (which converts text to a fingerprint) and a "get" operation (which retrieves a key for a given fingerprint).
>
> However, at https://github.com/phelix/npkh/blob/a3e ... er.py#L335 the tests for the "get" operation are looking up by text rather than by fingerprint. It's not clear to me why this is the case. Furthermore, it seems to me that this usage will violate the security assumption "The integrity of the returned data will be validated externally in GPG (e.g. verifying that a key matches a long fingerprint).". Can this apparent discrepancy be clarified?

It seems I did not quite grasp your critique back then, but I do now. All keys handed out are now validated against the requesting or id/name derived fingerprint. This means it should be safe to retrieve a name on the command line via id/name.
nx.bit - some namecoin stats
nf.bit - shortcut to this forum
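
The check discussed in this exchange (rejecting any returned key whose fingerprint differs from the full fingerprint requested), as an added example that is not part of the thread or of npkh's own code. It assumes OpenPGP v4 keys in ASCII armor; all function names and the toy key are constructed for illustration.

```python
import base64
import hashlib

def dearmor(armored):  # ASCII armor -> binary OpenPGP data
    body = [ln.strip() for ln in armored.strip().splitlines()][1:-1]
    if "" in body:                       # armor headers end at a blank line
        body = body[body.index("") + 1:]
    return base64.b64decode("".join(ln for ln in body if ln[:1] != "="))  # skip CRC-24 line

def first_packet(data):  # parse the first packet header -> (tag, body)
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:                       # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body lengths not supported")
    else:                                # old-format header
        tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
        if n == 8:
            raise ValueError("indeterminate length not supported")
        length, off = int.from_bytes(data[1:1 + n], "big"), 1 + n
    return tag, data[off:off + length]

def v4_fingerprint(armored):
    """SHA-1 over 0x99, a two-octet length and the public-key packet body."""
    tag, body = first_packet(dearmor(armored))
    if tag != 6 or len(body) < 6 or body[0] != 4:
        raise ValueError("expected a version 4 public-key packet first")
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def key_matches(armored, requested):
    """True only for a full 40-hex-digit fingerprint match; key IDs are refused."""
    want = requested.replace(" ", "").upper()
    try:
        return len(want) == 40 and v4_fingerprint(armored) == want
    except (ValueError, IndexError, OverflowError):
        return False

def constructed_key():
    """Constructed v4 RSA packet (toy MPIs, not a usable key), armored."""
    body = b"\x04" + (1520000000).to_bytes(4, "big") + b"\x01\x00\x10\xc3\x51\x00\x11\x01\x00\x01"
    b64 = base64.b64encode(bytes([0x98, len(body)]) + body).decode()
    return "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n" + b64 + "\n-----END PGP PUBLIC KEY BLOCK-----\n"
```

A caller would run `key_matches(returned_key, requested_fingerprint)` on whatever the upstream keyserver returned and hand the key out only when it is `True`; malformed or truncated data fails closed.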

Re: Namecoin Local PGP Keyserver Plugin

Post by phelix »

Name creation date is shown in Enigma now. Also bounty paid out!