simplex on Nostr: 4. Directory service could be modified to enable a MITM attack? Yes This is ...
4. Directory service could be modified to enable a MITM attack? Yes
This is incorrect, as there is no user directory service at all (and no knowledge of even the number of users), and MITM by servers is not possible by design, even without optional security code verification (that exists to mitigate MITM by the channel you used to pass the one-time invitation link, e.g. email).
Published at 2024-08-24 12:18:14
Event JSON