Example of the replay attack.
- Alice wants to change her blossom server from Server 1 to Server 2
- Alice mirrors all blobs to Server 2
- Alice then sends a DELETE for all her blobs on Server 1
- Server 1 is malicious and replays all the DELETEs (with all the Auth events) to Server 2
- The result is complete data loss
The Auth scheme is being reworked by @nprofile1q... and me, so it will be fixed.
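
The replay above, seen from the receiving server's side, as an added example that is not part of the original post or of any Blossom implementation. It assumes a kind 24242 authorization event carrying `t`, `x` and `expiration` tags, omits signature verification, and uses a hypothetical `server` tag as one possible binding; the reworked scheme may differ.

```javascript
// Added illustration; signature verification is assumed done and omitted.
const AUTH_KIND = 24242; // Blossom authorization event kind

const tagValues = (ev, name) =>
  ev.tags.filter((t) => t[0] === name).map((t) => t[1]);

// Checks that say nothing about which server the event was issued for.
function checkUnbound(ev, sha256, now) {
  if (ev.kind !== AUTH_KIND) return "wrong kind";
  if (!tagValues(ev, "t").includes("delete")) return "wrong verb";
  const exp = Number(tagValues(ev, "expiration")[0]);
  if (!Number.isFinite(exp) || exp <= now) return "missing or expired";
  if (!tagValues(ev, "x").includes(sha256)) return "blob not authorized";
  return null; // accepted
}

// Hardened: also require a tag naming this server.
// The "server" tag is an assumption of this example.
function checkBound(ev, sha256, now, self) {
  const err = checkUnbound(ev, sha256, now);
  if (err) return err;
  const named = tagValues(ev, "server").map((s) => String(s).toLowerCase());
  return named.includes(self.toLowerCase()) ? null : "not issued for this server";
}

// Constructed sample data.
const NOW = 1700000000;
const BLOB = "ab".repeat(32);
const baseTags = [["t", "delete"], ["x", BLOB], ["expiration", String(NOW + 300)]];
const unboundDelete = { kind: AUTH_KIND, pubkey: "alice (constructed)", tags: baseTags };
const boundDelete = { ...unboundDelete, tags: [...baseTags, ["server", "server1.example"]] };

function demo() {
  return {
    // Same event, same verdict on every server: a forwarded copy is accepted.
    unboundOnAnyServer: checkUnbound(unboundDelete, BLOB, NOW),
    boundOnServer1: checkBound(boundDelete, BLOB, NOW, "server1.example"),
    boundReplayedToServer2: checkBound(boundDelete, BLOB, NOW, "server2.example"),
    unboundOnHardenedServer2: checkBound(unboundDelete, BLOB, NOW, "server2.example"),
  };
}

console.log(demo());
```

A short `expiration` narrows the replay window but does not close it, since Server 1 can forward the event the moment it receives it.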