Are b32 addresses public

[arthurmelton]

I am wondering if b32 addresses (created specifically by SAM) are announced in a way that an attacker could find newly created b32 addresses. I don't see how it would be possible without publicly telling everyone that a new service is running, but I would rather know for sure.

[anikey-from-i2p]

As far as I know (and this is general for all i2p addresses, not just SAM), if you create an address and leave it at all default settings, its existance (or specifically its leaseset) can be visible to floodfill routers. This is because the leaseset is not encrypted (aka not "blinded").

This issue can be solved by using blinded leasesets. From reading some documentation (see also this), this can be achieved by setting SIGNATURE_TYPE to 11 (which is RedDSA_SHA512_Ed25519). I think you also need to set the option i2cp.leaseSetType to 5 (which means encrypted; again see the i2pd.readthedocs website i linked).

I've not tested this. Be sure to test it. Java I2P's NetDB Lookup is useful in showing data about leasesets (as an aside to developers: why not implement that kinda thing in i2pd webconsole? should i open issue?).

Another option (can be used together with the above) could be to implement an "accesslist" (like i2pd does for server tunnels), where you can put trusted addresses and, on connection, check if it is one of those addresses. But i'm sure that's something you'll have to add in the application side.

[Vort]

Java I2P's NetDB Lookup is useful in showing data about leasesets (as an aside to developers: why not implement that kinda thing in i2pd webconsole? should i open issue?).

Can you show screenshot?
Isn't this is what you are talking about?

[anikey-from-i2p]

It does indeed look something like that. The problem with it is that it appears to be only available to floodfills.

With Java I2P, you can contact any i2p destination through that router, then open router console, NetDB Lookup, and in the Full destination, name, Base32, or hash: field enter the destination you visited.

Let's say you want to see leaseset for i2p-projekt.i2p. You open it in your browser (now the router knows the leaseset for it). Then you do NetDB Lookup. And in response you get something like this:

LeaseSet: XXXX.... Destination: i2p-projekt.i2p
Published XX sec ago
Expires in X min
RAP? false  RAR? true  Distance: 123.XX  Type: 3  Unpublished? false
Signature type: DSA_SHA1
Encryption Key: ECIES_X25519 XXXX....
Encryption Key: ELGAMAL_2048 XXXX....
Routing Key: XXXX....

    Lease 1: ?? XXXX Tunnel 1234567 Expires in X min
    Lease 2: ?? XXXX Tunnel 1234567 Expires in X min

Can i do this in i2pd? Or is that panel you showed, only shows the leasesets stored in the floodfill?

[Vort]

Or is that panel you showed, only shows the leasesets stored in the floodfill?

Yes, LeaseSets section appear only in floodfill mode.

And in response you get something like this:

Ok, I understood what you mean.

It would be nice to have leaseset address clickable here in a similar way it is clickable in LeaseSets section:

However I doubt developers will make such changes anytime soon - i2pd have lots of more important unsolved problems.