Eth2.0-specs: Allow Only Snappy-Compressed Encoding

Created on 24 Jun 2020  路  4Comments  路  Source: ethereum/eth2.0-specs

Hi all,

Currently Prysm allows for both snappy compressed and regular ssz encoded messages via p2p. Our security audit concluded allowing these two options is a security risk that can result in a network partition of someone operates nodes without snappy and others operate nodes with snappy enabled. Is there still a need for non-snappy encoded messages in the networking spec, or should the spec enforce snappy-compressed only?

discussion networking
Source
picture rauljordan

Most helpful comment

Thinking we remove this in the v0.12.2 release unless anyone is relying upon it and with good reason to continue to support

picture djrtwo on 9 Jul 2020
👍3

All 4 comments

We can discuss this during the implementers call today: https://github.com/ethereum/eth2.0-pm/issues/162#issuecomment-649079956

protolambda picture protolambda on 25 Jun 2020

So we certainly shouldn't have non-snappy in gossip.
We have in currently in the req/resp which shouldn't be a security risk, but I don't see a particular use case for this

djrtwo picture djrtwo on 25 Jun 2020

Thinking we remove this in the v0.12.2 release unless anyone is relying upon it and with good reason to continue to support

djrtwo picture djrtwo on 9 Jul 2020
👍3

closed via #1982

djrtwo picture djrtwo on 23 Jul 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

decanus picture decanus  路  5Comments
paulhauner picture paulhauner  路  4Comments
protolambda picture protolambda  路  4Comments
benjaminion picture benjaminion  路  3Comments
dangerousfood picture dangerousfood  路  5Comments