gui, man: Update docs & translations
@@ -1,6 +1,6 @@
|
||||
.\" Man page generated from reStructuredText.
|
||||
.
|
||||
.TH "SYNCTHING-DEVICE-IDS" "7" "Jan 15, 2018" "v0.14" "Syncthing"
|
||||
.TH "SYNCTHING-DEVICE-IDS" "7" "Feb 05, 2018" "v0.14" "Syncthing"
|
||||
.SH NAME
|
||||
syncthing-device-ids \- Understanding Device IDs
|
||||
.
|
||||
@@ -30,7 +30,6 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
||||
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
||||
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
||||
..
|
||||
.SH DESCRIPTION
|
||||
.sp
|
||||
Every device is identified by a device ID. The device ID is used for address
|
||||
resolution, authentication and authorization. The term “device ID” could
|
||||
@@ -235,32 +234,9 @@ As far as I know, these are the issues or potential issues with the
|
||||
above mechanism.
|
||||
.SS Discovery Spoofing
|
||||
.sp
|
||||
Currently, neither the local nor global discovery mechanism is protected
|
||||
by crypto. This means that any device can in theory announce itself for
|
||||
any device ID and potentially receive connections for that device.
|
||||
.sp
|
||||
This could be a denial of service attack (we can’t find the real device
|
||||
for a given device ID, so can’t connect to it and sync). It could also
|
||||
be an intelligence gathering attack; if I spoof a given ID, I can see
|
||||
which devices try to connect to it.
|
||||
.sp
|
||||
It could be mitigated in several ways:
|
||||
.INDENT 0.0
|
||||
.IP \(bu 2
|
||||
Announcements could be signed by the device private key. This
|
||||
requires already having the public key to verify.
|
||||
.IP \(bu 2
|
||||
Announcements to the global announce server could be done using TLS,
|
||||
so the server calculates the device ID based on the certificate
|
||||
instead of trusting the device to tell the truth.
|
||||
.IP \(bu 2
|
||||
The user could statically configure IP or host name for the devices.
|
||||
.IP \(bu 2
|
||||
The user could run a trusted global server.
|
||||
.UNINDENT
|
||||
.sp
|
||||
It’s something we might want to look at at some point, but not a huge
|
||||
problem as I see it.
|
||||
Currently, the local discovery mechanism isn’t protected by crypto. This
|
||||
means that any device can in theory announce itself for any device ID and
|
||||
potentially receive connections for that device from the local network.
|
||||
.SS Long Device IDs are Painful
|
||||
.sp
|
||||
It’s a mouthful to read over the phone, annoying to type into an SMS or even
|
||||
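Review bot: the three-line replacement paragraph under .SS Discovery Spoofing drops both the impact description (denial of service, and seeing which devices try to connect to a spoofed ID) and the whole mitigation list, although the "statically configure IP or host name" mitigation still applies to the local discovery case that the new text keeps. Consider keeping one sentence on impact and that mitigation, and adding a sentence that says what now protects global discovery, since the new wording only implies it by no longer mentioning it. The file header states this man page is generated from reStructuredText, so the wording change belongs in the source document, with the man page regenerated from it.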
@@ -284,6 +260,6 @@ accepting the connection.
|
||||
.SH AUTHOR
|
||||
The Syncthing Authors
|
||||
.SH COPYRIGHT
|
||||
2015, The Syncthing Authors
|
||||
2014-2018, The Syncthing Authors
|
||||
.\" Generated by docutils manpage writer.
|
||||
.
|
||||