Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in / Register
  • jami-project jami-project
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 164
    • Issues 164
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • savoirfairelinux
  • jami-projectjami-project
  • Issues
  • #95
Closed
Open
Created Feb 22, 2016 by RingBot@RingBotOwner

Ring leaks the RingID of contacts when the DHT is not bootstrapped

Issue generated from Tuleap's migration script. Originally submitted by: Baptiste Jonglez (baptiste)

When the DHT is not yet bootstrapped (for instance if all outgoing UDP trafic is blocked by a firewall), trying to call a RingID causes Ring to perform DNS queries for the following names:

SRV \_sip.\_udp.00000000000000000000000000000000000000.

A  00000000000000000000000000000000000000.

where 000...00 is the RingID of the contact (omitted here for privacy reasons). By the way, these queries obviously fail.

This is a privacy concern, since the operator of the DNS resolver, and any attacker able to listen to the traffic, can learn which RingID has been contacted.

Assignee
Assign to
Time tracking