On 2013/07/24 (Jul), at 3:21 PM, Matthew Toseland wrote: > At present once you are connected to a peer, it can change its name. So it > can e.g. impersonate your other peers. This is not easily detectable because > of character set issues (there are lots of characters that look like "o" with > different unicode code points, for example). > > IMHO we need to *confirm the node name* as part of exchanging noderefs. This > *should not then change* - at least not without local confirmation. The node > can call itself whatever it wants, but we'll always show the name it was > added as, unless the local user accepts a change.
Or else we can highlight in red any names that contain high-byte unicode characters (i.e. fair warning). -- Robert Hailey
