Improved security #291

Merged
merged 1 commit into from
Jan 2, 2024

fryorcraken (Collaborator)

  • Notes are fully encrypted using Waku Message version 1 (no metadata leak)
  • Notes are always encrypted, key is part of the URL
  • Using standard uuid v4 from browser API to generate ID
  • upgraded deps to fix a bug

fryorcraken requested a review from a team as a code owner December 8, 2023 10:02
fryorcraken requested review from weboko and removed request for a team December 8, 2023 10:02

weboko (Contributor) commented Jan 2, 2024

Thank you for showing it @fryorcraken!
Now I understand what you meant by implying that we can fully encrypt messages.
So it works in a way that the consumer reads only messages that it is able to decrypt.

I agree that such a way suits a note app best.

Additionally I think there are still applications that should have only parts of messages being encrypted so I propose to keep the methods exposed in @waku/message-encryption.

weboko merged commit 3c7795e into weboko/notes Jan 2, 2024
9 checks passed
weboko deleted the fry/notes branch January 2, 2024 23:45

fryorcraken (Collaborator, Author) commented Feb 6, 2024

> Additionally I think there are still applications that should have only parts of messages being encrypted so I propose to keep the methods exposed in @waku/message-encryption.

I don't really agree with that. It is best if all applications encrypt their messages one way or another to prevent any metadata leak.

weboko (Contributor) commented Feb 7, 2024

> It is best if all applications encrypt their messages one way or another

this is not necessarily needed, for example blockchain has everything public and it turns out to be a feature - allowing everyone to use it as a common DB layer so that anyone can build messages on top of public contracts

ok, we can disagree on this - it is an approach for building apps which we are not enforcing
if you insist we can avoid showcasing it in examples / lab repos

but, I do have another point and that is that - if a project is using Waku - then it might need an encryption library not only for Waku but for some other stuff - an example scenario is when Waku is a complementary layer of communication and not the main one

in that case it is useful to provide basic encryption in order to decrease the number of packages used by a given project
