Skip to content

Threat model of python-obelisk #16

Open
@dionyziz

Description

@dionyziz

As python-obelisk is a core part of OpenBazaar, I wanted to inquire about the threat model behind the obelisk protocol and how much of it is inherited in the python-obelisk client. In particular, how much trust does the python-obelisk client give to the obeliskd, and what is the server capable of doing under these assumptions?

Clearly, a malicious obeliskd could deny service. However, is it possible that they fake transactions, transaction amounts, and generally respond with inaccurate data in a way that the client isn't able to detect?

Thanks for your input.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions