manawenuz/featherChat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Alias TTL renews only on authenticated actions (sending messages)

Browse Source 
- Sending a message includes `from` fingerprint
- Server renews alias TTL on send (proves identity: you encrypted it)
- Polling/receiving does NOT renew (anyone can spam messages to you)
- Key registration does NOT renew (separate concern)

This prevents alias keepalive attacks where someone spams a user
just to keep their alias from expiring.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Siavash Sameni
2026-03-27 07:39:15 +04:00
parent bf67566b0c
commit 7fe6de0ba1
4 changed files with 32 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
warzone/crates/warzone-client/src/tui/app.rs
View File

@@ -369,7 +369,7 @@ impl App {
}
};
match client.send_message(&peer, &encoded).await {
match client.send_message(&peer, Some(&self.our_fp), &encoded).await {
Ok(_) => {
self.add_message(ChatLine {
sender: self.our_fp[..12].to_string(),