We will be releasing an urgent network update to the network at 11:00AM PST. The update is a small change which aims to fix a security flaw and improve the onboarding process for the Orange Team.
In the process of initially setting itself up, a node creates a unique ID. This ID is stored in an “ID File” (IDF) and used as its identity on the network. An oversight had a key component of this ID, the Salt, not stored or validated by the permissioning server. As a result, the system never cryptographically verifies ownership of the ID, this has been fixed with this patch.
A second consistent issue has been node operators forgetting to backup the IDF when they move or reset their nodes. This has taken significant time from the team in order to reset registrations. These Salts are not private, so as part of the new verification process we have stored them in our database and with this update are capable of quickly regenerating IDFs for node operatoes.
We felt it was important to get this update out before Orange Team went live in order
Due to changing the communications between nodes and permissioning this. Per the handbook, node operators compiling the software themselfs will have a grace period between today and Thursday 9/3/2020 to update their nodes.
The merge requests for the update can be found here:
Elixxir Server: https://gitlab.com/elixxir/server/-/merge_requests/573/diffs
Elixxir Comms: https://gitlab.com/elixxir/comms/-/merge_requests/266?resolved_conflicts=true