Add initial warnings against OHTTP request reuse #828
nothingmuch merged 1 commit into payjoin:master
Force-pushed 17beeee to f01dffa
Is This the Right Direction?
Yes =)
I posted some comments elaborating on the rationale.
Something to keep in mind is not to over-state the benefit of avoiding reuse, for example in the event that both the sender and receiver use the same relay there would still be some concern about linking them together as participants in the same session and even inferring who is the receiver and who is the sender. If the encapsulated GET requests are reused that would make it much easier for a relay to infer that information, but ensuring each encapsulated request is fresh doesn't fully prevent that.
payjoin-ffi/src/send/mod.rs (outdated)
| impl WithReplyKey { | ||
| /// Important: This request must not be retried or reused on failure. | ||
| /// Retransmitting the same ciphertext breaks OHTTP security properties. |
| /// Retransmitting the same ciphertext breaks OHTTP security properties. | |
| /// Retransmitting the same ciphertext breaks OHTTP privacy properties. |
The specific concern is that the relay can see that a request is being retried, which leaks that it's all the same polling request.
payjoin/src/core/receive/v1/mod.rs (outdated)
| //! | ||
| //! OHTTP-encapsulated requests—whether GET or POST—**must not be retried or reused**. | ||
| //! | ||
| //! Reusing an encapsulated request may retransmit the same ciphertext, which breaks the |
| //! Reusing an encapsulated request may retransmit the same ciphertext, which breaks the | |
| //! Reusing an encapsulated request will retransmit the same ciphertext, which breaks the |
the encapsulated request is a header followed by the ciphertext, so if it's POSTed twice to the relay, the relay can observe that it is the same as in the previous request
those two requests can already be linked by the relay due to metadata, e.g. ip address, but seeing repeats additionally reveals information about how the client is interacting with the directory
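The relay's-eye view nothingmuch describes above, as an added example that is not part of this PR or of payjoin's own code. It is written in Python rather than Rust, and replaces HPKE with a constructed HMAC-based stand-in that keeps only the property that matters here (a fresh `enc` yields a fresh ciphertext). The header layout and algorithm ids follow RFC 9458 and the HPKE registry; `RelayView`, `OneShotRequest` and the polling body are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# RFC 9458 encapsulated request:
#   key_id (1) || kem_id (2) || kdf_id (2) || aead_id (2) || enc || ct
# The header and `enc` travel in the clear; only `ct` is protected.
# Ids from the HPKE registry: DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, AES-128-GCM.
KEM_ID, KDF_ID, AEAD_ID = 0x0020, 0x0001, 0x0001
ENC_LEN = 32
HEADER_LEN = 7


def _toy_keystream(enc: bytes, length: int) -> bytes:
    # CONSTRUCTED stand-in for the HPKE key schedule + AEAD: an HMAC counter
    # stream keyed by `enc`. Not secure; it only reproduces "fresh enc => fresh ct".
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def toy_encapsulate(key_id: int, plaintext: bytes) -> bytes:
    """Build one encapsulated request; every call draws a fresh `enc`."""
    enc = os.urandom(ENC_LEN)  # plays the role of the ephemeral KEM public key
    ct = bytes(p ^ k for p, k in zip(plaintext, _toy_keystream(enc, len(plaintext))))
    header = (bytes([key_id]) + KEM_ID.to_bytes(2, "big")
              + KDF_ID.to_bytes(2, "big") + AEAD_ID.to_bytes(2, "big"))
    return header + enc + ct


def parse_header(body: bytes) -> dict:
    """Everything a relay can read from a request without any key material."""
    return {
        "key_id": body[0],
        "kem_id": int.from_bytes(body[1:3], "big"),
        "kdf_id": int.from_bytes(body[3:5], "big"),
        "aead_id": int.from_bytes(body[5:7], "big"),
        "enc": body[HEADER_LEN:HEADER_LEN + ENC_LEN],
    }


class RelayView:
    """Relay-side log of the opaque bodies it forwarded (assumed, for illustration).
    A body seen more than once is a retry the relay can link to the earlier one."""

    def __init__(self):
        self._seen: dict = {}

    def forward(self, body: bytes) -> int:
        fp = hashlib.sha256(body).hexdigest()
        self._seen[fp] = self._seen.get(fp, 0) + 1
        return self._seen[fp]  # 1 on first sight, >1 on a repeat


class OneShotRequest:
    """Client-side guard (assumed): hand out the encapsulated bytes exactly once,
    so a retry is forced to re-encapsulate instead of resending the same ciphertext."""

    def __init__(self, body: bytes):
        self._body = body
        self._sent = False

    def take(self) -> bytes:
        if self._sent:
            raise RuntimeError("encapsulated request already sent; build a fresh one instead of retrying")
        self._sent = True
        return self._body


def demo() -> dict:
    # Constructed stand-in for the binary-HTTP polling request a receiver would send.
    poll = b"GET /mailbox/abc123 HTTP/1.1\r\n\r\n"
    relay = RelayView()

    # Resending one encapsulated request: the relay sees identical bytes each time.
    reused = toy_encapsulate(1, poll)
    reused_counts = [relay.forward(reused) for _ in range(3)]

    # Re-encapsulating the same plaintext: each body is new to the relay.
    fresh_bodies = [toy_encapsulate(1, poll) for _ in range(3)]
    fresh_counts = [relay.forward(b) for b in fresh_bodies]

    return {
        "reused_counts": reused_counts,  # [1, 2, 3]
        "fresh_counts": fresh_counts,    # [1, 1, 1]
        "fresh_distinct": len(set(fresh_bodies)) == 3,
        # the cleartext header is the same either way; only enc/ct change
        "header_in_clear": len({b[:HEADER_LEN] for b in fresh_bodies}) == 1,
    }
```

`demo()` is the whole point in one call: the reused body is recognised on its second and third appearance, while the three fresh encapsulations are each seen once, even though the relay can still read the same cleartext header from all of them (which is why fresh encapsulation limits, but does not remove, what a relay learns). `OneShotRequest` is the shape of the discipline the doc warning asks callers for.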
payjoin/src/core/receive/v1/mod.rs (outdated)
| //! OHTTP-encapsulated requests—whether GET or POST—**must not be retried or reused**. | ||
| //! | ||
| //! Reusing an encapsulated request may retransmit the same ciphertext, which breaks the | ||
| //! anonymity and unlinkability guarantees provided by the OHTTP protocol. |
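Review bot: the file path puts this module-level OHTTP warning in `payjoin/src/core/receive/v1/mod.rs`, yet the thread later notes that v1 does not use OHTTP; confirm that the v1 receiver actually sends OHTTP-encapsulated requests before keeping the warning here, otherwise it belongs in the v2 receive module docs only.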
git complains about trailing spaces, so best to filter these out for the whole file
| //! anonymity and unlinkability guarantees provided by the OHTTP protocol. | |
| //! anonymity and unlinkability guarantees provided by the OHTTP protocol. |
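Review bot: the suggested line is identical to the original except for trailing whitespace, which the rendered diff does not show; rather than fixing these one line at a time, running `git diff --check` before pushing reports every trailing-space occurrence in the file.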
Force-pushed 09f7bdb to 3d56cc3
Thanks! I’ve made a few corrections. If there are other places where you'd prefer to see these comments added or removed I’d really appreciate the suggestions.
nothingmuch left a comment:
Could you let me know if the locations I placed the warnings are appropriate?
Yeah, I think the module level stuff on v2 sender & receiver is the right place
Also, is the structure and phrasing of the warnings aligned with what you had in mind?
Yep! I've made some suggestions, and corrections re v1 stuff that doesn't use OHTTP
Force-pushed 3d56cc3 to 274cc15
Alright boss, fixed.
nothingmuch left a comment:
please verify that all methods with the warning are definitely related to v2, that the request is actually an OHTTP encapsulated one, and that "polling request" vs. just "request" is consistent
Force-pushed 1b01a1b to 1dcebdf
Adds a security warning to the top level `receive` module docs to clarify that OHTTP-encapsulated requests (GET and POST) must not be retried or reused. Reusing an encapsulated request can retransmit identical ciphertext, violating OHTTP's privacy guarantees.
Force-pushed 1dcebdf to 372c360
All corrections have been made, boss!
Document OHTTP Request Non-Reusability
This PR addresses #819 by documenting that OHTTP-encapsulated requests must not be reused or retried, due to the risk of retransmitting ciphertext and violating OHTTP's privacy guarantees.
What's Included:
A top-level warning was added to the receive module docs (//!) to highlight the security implications of request reuse.
Closes #819