freedomofpress/securedrop-protocol issues and pull requests

#57 - Anonymity "Attacks" by Malicious Server

Issue - State: open - Opened by felixlinker about 1 month ago - 1 comment

#56 - Attack on indistinguishability: server excludes some journalists when keys are fetched

Issue - State: open - Opened by lumaier about 2 months ago - 2 comments

#55 - Missing Message Agreement

Issue - State: open - Opened by lumaier about 2 months ago - 3 comments
Labels: protocol research, security

#54 - Update README section 'Limitations and Discussion'

Issue - State: open - Opened by lsd-cat 2 months ago
Labels: documentation

#53 - Vulnerability found: Key Replacement on Source Submission

Issue - State: open - Opened by lumaier 4 months ago - 2 comments
Labels: security

#52 - README: check consistency of indexes and iterators

Issue - State: open - Opened by lsd-cat 4 months ago
Labels: documentation

#51 - README: suggested improvements for protocol flow diagram

Issue - State: open - Opened by lumaier 4 months ago
Labels: documentation

#50 - Update README of Journalist and Source message_id fetching protocol

Pull Request - State: closed - Opened by lumaier 4 months ago - 1 comment

#49 - Bucketing proposal to drop the message limit

Issue - State: open - Opened by lsd-cat 6 months ago - 2 comments
Labels: protocol research

#48 - Refactor to be KEM-oriented instead of DH-oriented

Issue - State: open - Opened by bifurcation 6 months ago - 5 comments
Labels: protocol research

#47 - Add repository overview to README

Pull Request - State: closed - Opened by eloquence 6 months ago - 1 comment

#46 - Add brief inventory of PoC implementation

Issue - State: closed - Opened by eloquence 6 months ago - 1 comment

#45 - Discussion of server attack scenarios (and clarification of protocol goals)

Issue - State: open - Opened by rocodes 6 months ago

#44 - Better terminology to describe server posture

Issue - State: open - Opened by rocodes 6 months ago

#43 - message_id enumeration requirements

Issue - State: open - Opened by ayende 6 months ago - 4 comments

#42 - Rust and Go

Issue - State: closed - Opened by yonas 6 months ago - 1 comment

#41 - Potential vulnerability with the use of scalarmult to generate keys

Issue - State: closed - Opened by ayende 6 months ago - 3 comments
Labels: question, security

#40 - Update README prior opening access; remove outdated wiki page; add blog posts and audit info.

Pull Request - State: closed - Opened by lsd-cat 6 months ago

#39 - Reverting "Fix misc. string encoding issues" to fix manual merging error

Pull Request - State: closed - Opened by lsd-cat 7 months ago - 1 comment

#38 - Copyedit pass on README.md & code comments

Pull Request - State: closed - Opened by eloquence 7 months ago

#37 - Fix misc. string encoding issues

Pull Request - State: closed - Opened by eloquence 7 months ago - 1 comment

#36 - Address and analyze the preliminary audit

Issue - State: open - Opened by lsd-cat 7 months ago - 1 comment
Labels: protocol research, security

#35 - Compare to and use Oblivious Message Retrieval terminology

Issue - State: closed - Opened by lsd-cat 8 months ago - 2 comments
Labels: documentation

#34 - Why not using MLS ?

Issue - State: closed - Opened by beurdouche 10 months ago - 1 comment
Labels: question

#33 - Formal Analysis of Protocol

Issue - State: open - Opened by felixlinker 10 months ago - 4 comments
Labels: formal methods

#32 - Define PKI structure and policies

Issue - State: open - Opened by lsd-cat 11 months ago
Labels: protocol research, security

#31 - Server might swap, replace, replay ciphertexts

Issue - State: open - Opened by lsd-cat 11 months ago - 2 comments
Labels: security

#30 - Decide the deniability/authenticity requirements for the message encryption

Issue - State: open - Opened by lsd-cat 11 months ago - 5 comments
Labels: protocol research

#29 - draft TLA+ model of the server as a message queue with clients

Issue - State: open - Opened by cfm 12 months ago
Labels: formal methods

#28 - compare attachment design with MIMI external-content proposal

Issue - State: open - Opened by cfm about 1 year ago

#27 - Add clear statement of the desired security properties

Issue - State: open - Opened by lsd-cat about 1 year ago
Labels: documentation

#26 - draft Tamarin security model

Issue - State: closed - Opened by cfm about 1 year ago - 6 comments
Labels: formal methods

#25 - Journalist fetching keys are signed and verified using the newsroom key instead of their own signing key

Issue - State: closed - Opened by lsd-cat about 1 year ago - 1 comment
Labels: bug

#24 - Drop python-ecdsa and port all crypto operations to libsodium

Pull Request - State: closed - Opened by lsd-cat about 1 year ago - 4 comments

#23 - Migrate to a cross-platform, well-established crypto library

Issue - State: closed - Opened by lsd-cat about 1 year ago - 5 comments
Labels: enhancement

#22 - diagram asymmetric construction

Pull Request - State: closed - Opened by cfm about 1 year ago - 2 comments

#21 - consider domain-agnostic terminology for protocol participants

Issue - State: open - Opened by cfm about 1 year ago - 3 comments
Labels: documentation

#20 - Add info about source submission to journalists; add info regarding the need to hash the result of DH agreements

Pull Request - State: closed - Opened by lsd-cat about 1 year ago - 2 comments

#19 - Readme wording suggestions

Pull Request - State: closed - Opened by rocodes about 1 year ago - 1 comment

#18 - summarize client-side asymmetry

Pull Request - State: closed - Opened by cfm about 1 year ago

#17 - Implemented newer message fetching mechanism; minor code refactoring; major documentation refactoring

Pull Request - State: closed - Opened by lsd-cat about 1 year ago - 1 comment

#16 - Consider removing Diffie-Hellman operations with inverted keys

Issue - State: closed - Opened by eaon about 1 year ago - 25 comments
Labels: enhancement, protocol research

#15 - Consider replacing references to "zero-knowledge" and "proofs"

Issue - State: closed - Opened by eaon about 1 year ago - 2 comments

#14 - Understand the feasibility of source to source communication

Issue - State: closed - Opened by lsd-cat over 1 year ago - 3 comments
Labels: protocol research

#13 - Disallow sources to access or delete their own submissions

Pull Request - State: closed - Opened by eaon over 1 year ago - 1 comment

#12 - Onboard Jen & Mickael

Issue - State: closed - Opened by sssoleileraaa over 1 year ago - 3 comments

#11 - Onboard Nathan

Issue - State: closed - Opened by eloquence over 1 year ago - 2 comments

#10 - Sources are able to access and delete attachments/uploads because they know the `file_id`

Issue - State: open - Opened by eaon almost 2 years ago - 9 comments
Labels: protocol research

#9 - Ephemeral Keys in replies (journalist to source)

Pull Request - State: open - Opened by lsd-cat almost 2 years ago - 2 comments

#8 - Treat messages and metadata as attachments

Pull Request - State: open - Opened by lsd-cat almost 2 years ago - 1 comment

#7 - Add Threads view to Journalists

Pull Request - State: closed - Opened by TheZ3ro almost 2 years ago

#6 - build(docs): generate Doxygen call/caller graphs

Pull Request - State: closed - Opened by cfm almost 2 years ago

#5 - Add Server Request keypair to the readme

Issue - State: closed - Opened by TheZ3ro almost 2 years ago - 1 comment

#4 - Prevent URI path traversals when downloading files

Issue - State: open - Opened by smaury almost 2 years ago - 2 comments
Labels: bug, security

#3 - Add symmetry also for /file endpoint

Issue - State: open - Opened by smaury almost 2 years ago
Labels: protocol research

#2 - Adding requests to requirements

Pull Request - State: closed - Opened by eaon almost 2 years ago - 1 comment

#1 - Add sanity checks for malicious challenges

Issue - State: closed - Opened by TheZ3ro almost 2 years ago - 3 comments

GitHub / freedomofpress/securedrop-protocol issues and pull requests