authorJoey Hess <joeyh@joeyh.name>2016-08-29 18:49:55 -0400
committerJoey Hess <joeyh@joeyh.name>2016-08-29 18:51:35 -0400
commit7ad3536737f30bbd328a4d37f78a72f9600fb4b8 (patch)
tree343a25aa08176719307e6991b5ee26ac9f3d329e /Storage
parent902bb171212aaf9fc2e748d6ea1466fa2aba095b (diff)
downloadkeysafe-7ad3536737f30bbd328a4d37f78a72f9600fb4b8.tar.gz
comments
Diffstat (limited to 'Storage')
-rw-r--r--Storage/Network.hs9
1 files changed, 8 insertions, 1 deletions
diff --git a/Storage/Network.hs b/Storage/Network.hs
index a1802e6..356f5ad 100644
--- a/Storage/Network.hs
+++ b/Storage/Network.hs
@@ -38,6 +38,8 @@ data Server = Server
serverUrl :: Server -> BaseUrl
serverUrl srv = BaseUrl Http (serverName srv) (serverPort srv) ""
+-- | These can be either tor .onion addresses, or regular hostnames.
+-- Using tor is highly recommended, to avoid correlation attacks.
networkServers :: IO [Server]
networkServers = return
[ Server "localhost" 8080
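Review bot: The new comment on `networkServers` allows regular hostnames without saying what that choice costs. `serverUrl`, in the context lines just above, builds every URL with `BaseUrl Http`, so a request to a non-onion hostname is sent as plain HTTP. Whether it is also routed through Tor depends on `torableManager`, which is not shown here; either way the last hop to such a server is unencrypted. I would extend the comment with something like `-- Regular hostnames are reached over plain HTTP, so the request is visible on the path to the server.` so that whoever adds entries knows the trade-off. The list itself continues outside the hunk.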
@@ -82,7 +84,12 @@ serverRequest
-> (r -> a)
-> (Maybe ProofOfWork -> Manager -> BaseUrl -> ExceptT ServantError IO (ProofOfWorkRequirement r))
-> IO a
-serverRequest srv onerr onsuccess a = go Nothing =<< torableManager
+serverRequest srv onerr onsuccess a =
+ -- A new Manager is allocated for each request, rather than reusing
+ -- any connection. This is a feature; it makes correlation attacks
+ -- harder because the server can't tell if two connections
+ -- (over tor) came from the same user.
+ go Nothing =<< torableManager
where
url = serverUrl srv
go pow manager = do
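Review bot: The comment added to `serverRequest` says a fresh `Manager` stops the server from linking two connections, which is stronger than the visible code supports. A new Manager gives a new connection to the proxy, but Tor may still carry separate streams to the same destination over one circuit unless stream isolation is requested. Whether that is requested is decided in `torableManager`, which is outside this hunk. I would hedge the wording, e.g. `-- harder, as long as torableManager also isolates streams per request,` and document the isolation setting next to `torableManager` itself. The `where` block of `serverRequest` continues past the end of the hunk.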