Docs and translation update

Jakob Borg
2015-09-27 22:31:19 +02:00
parent ad2c05c3f5
commit 3c6bfb880d
40 changed files with 195 additions and 162 deletions

@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SYNCTHING-SECURITY" "7" "August 20, 2015" "v0.11" "Syncthing"
.TH "SYNCTHING-SECURITY" "7" "September 23, 2015" "v0.11" "Syncthing"
.SH NAME
syncthing-security \- Security Principles
.
@@ -36,11 +36,11 @@ possible for an attacker to join a cluster uninvited, and it should not be
possible to extract private information from intercepted traffic. Currently this
is implemented as follows.
.sp
All traffic is protected by TLS. To prevent uninvited nodes from joining a
cluster, the certificate fingerprint of each node is compared to a preset list
of acceptable nodes at connection establishment. The fingerprint is computed as
the SHA\-256 hash of the certificate and displayed in BASE32 encoding to form a
reasonably compact and convenient string.
All device to device traffic is protected by TLS. To prevent uninvited nodes
from joining a cluster, the certificate fingerprint of each node is compared
to a preset list of acceptable nodes at connection establishment. The
fingerprint is computed as the SHA\-256 hash of the certificate and displayed
in BASE32 encoding to form a reasonably compact and convenient string.
.sp
Incoming requests for file data are verified to the extent that the requested
file name must exist in the local index and the global model.
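Review bot: The rewritten TLS paragraph narrows the claim to "device to device traffic" but keeps "nodes" in the clauses that follow ("uninvited nodes", "each node", "acceptable nodes"), so one paragraph now uses two terms for the same thing. Suggest using "device" throughout and hyphenating "device-to-device". The narrowing also implies that some traffic is not covered by TLS, but the paragraph does not say which; a sentence naming the traffic outside this guarantee would make the scope explicit.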
@@ -51,15 +51,20 @@ for reporting security vulnerabilities, please see the official \fI\%security pa
.SS Global Discovery
.sp
When global discovery is enabled, Syncthing sends an announcement packet every
30 minutes to the global discovery server, so that it can keep a mapping between
your device ID and external IP. Also, when connecting to other devices that have
not been seen on the local network, a query is sent to the global discovery
server containing the device ID of the requested device. The discovery server is
30 minutes to the global discovery server so that it can keep a mapping
between your device ID and external IP. The packets contain the device ID and
listening port. Also, when connecting to other devices that have not been seen
on the local network, a query is sent to the global discovery server
containing the device ID of the requested device. The discovery server is
currently hosted by \fI\%@calmh\fP <\fBhttps://github.com/calmh\fP>\&. Global discovery defaults to \fBon\fP\&.
.sp
When turned off, devices with dynamic addresses not on the local network cannot
be found and connected to.
.sp
An eavesdropper on the Internet can deduce which machines are running
Syncthing with global discovery enabled, what their device IDs are, and what
device IDs they are attempting to connect to via global discovery.
.sp
If a different global discovery server is configured, no data is sent to the
default global discovery server.
.SS Local Discovery
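Review bot: The added eavesdropper paragraph says what can be observed but not why: nothing in the Global Discovery text states that announcements and queries travel unprotected, so the reader has to infer it from the "device to device" wording in the TLS paragraph. Suggest stating that directly, and saying whether the exposure still applies when a different discovery server is configured, since the final paragraph only covers data sent to the default server. The new sentence "The packets contain the device ID and listening port" could also explain how the server obtains the external IP it maps to, because the IP is not listed among the packet contents.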