[injinj]

It does appear the "Node ID" section covers this issue, with the requirement that the public key back up the 40 bit key fingerprint.

What if the controller had a timer that could be set such that the network becomes static and unchanging when it expires?

[api]

The public key is bound to the address. The problem is that this binding was not as strong as we thought it was in one edge case. Exploitability relied on another problem in the roots, which is now fixed, so the issue is no longer exploitable.

We are also going to do a release though because we thought of a way to ensure that a complete hash of the address and public key (rather than just the 40 bit address) is always checked in certificates of membership. In retrospect it always should have been this way, but then again all security issues always seem silly and obvious in hindsight.

This will make an exploit of this nature impossible even if the roots are misbehaving, since the certificate of membership won't validate against a colliding identity at all.

It would be nice if the address could be at least 256 bits long, but there's a major ergonomic problem with that. Would you rather join network abcd0123ab12345 or network 8c6e2a2647ee854f469a3bb798e02ba5a8b1812cab229ff129f073e7a80c1202?

If humans could remember and easily type very long strings a lot of information security would be way, way easier. :)

[cyberge99]

Honestly, I would be okay with a larger bit sized network string.

It’s likely stored as part of automation if done on a large scale , or easy enough to copy/paste from smaller use cases.

I think it would be rare to have to type it, so even the longer string would be worth the irritation for the piece of mind.

Just my honest opinion.

(Huge fan of ZT by the way.)