I'm not here to report a vulnerability. I was asked for my opinion, and I said I don't like your design.
One specific criticism is that you're using GCM but do not have any sort of Key Commitment in your protocol. That's not a vulnerability, to my knowledge.
Soatok Dreamseeker /
npub1wf…vw2m9
2024-05-17 16:36:18
in reply to nevent1q…c07z
Author Public Key
npub1wfp0azvqh9n27j7zgnej54cr9xjs5x2efztwzurjdpj34ea5vw9qdvw2m9Published at
2024-05-17 16:36:18Event JSON
{
"id": "8d123410c5801d4f84526011019e2dd6a8946dcb0e0c447d77b9c15372e1fa14",
"pubkey": "7242fe8980b966af4bc244f32a570329a50a19594896e1707268651ae7b4638a",
"created_at": 1715963778,
"kind": 1,
"tags": [
[
"e",
"5454e95cbe4aeceaf5561069099f1c329682bfe54d87648eead101a737b920bb",
"",
"root"
],
[
"e",
"5ec458e5b0fe182501a4b52e333cbe4cd390060994763fa5d525f8e1eb848d28",
"",
"reply"
],
[
"p",
"7242fe8980b966af4bc244f32a570329a50a19594896e1707268651ae7b4638a"
],
[
"proxy",
"https://furry.engineer/@soatok/112457402172399969",
"web"
],
[
"p",
"fa2151f367b7a79bbd16adcc24cd9adc17b703d25d56c33211b349f755802e79"
],
[
"p",
"d41a7666ebcef50bb1b20943b5fea0e8147b4a035977ef4524049e5690ae735e"
],
[
"p",
"44393ff8ca21edda8e7e510a2d8aef91e6b71ff38969a69b356215bfb42bac19"
],
[
"proxy",
"https://furry.engineer/users/soatok/statuses/112457402172399969",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://furry.engineer/users/soatok/statuses/112457402172399969",
"pink.momostr"
]
],
"content": "I'm not here to report a vulnerability. I was asked for my opinion, and I said I don't like your design. \n\nOne specific criticism is that you're using GCM but do not have any sort of Key Commitment in your protocol. That's not a vulnerability, to my knowledge.",
"sig": "329f0d838dd4d5ae1c387fab3e81962fb13416ab0ed70494022a1fe7f6d50c0bc27649f0dfe981c0bda3fdf246a2d69919ef39a01d4cff2bddec0288b4739b40"
}