#366 new defect

address Nathan Wilcox's concerns about "Tahoe and the browser security model"

Reported by: zooko
Owned by: nejucomo
Priority: major
Milestone: eventually
Component: code-frontend-web
Version: 0.9.0
Keywords: security capleak docs websec
Cc: nejucomo
Launchpad Bug:

Description (last modified by zooko)

On the mailing list Nathan Wilcox posted some general concerns about how Tahoe's WUI relies on a security model which is different than the one almost everyone thinks of when they think of web browsers and URLs.

It is through such cracks between people's models that security failures slip (according to Ross Anderson's book Security Engineering).

If we could address these concerns, at least by documentation, for Tahoe v1.0 I would feel better.

Change History (13)

comment:1 Changed at 2008-03-25T19:28:18Z by zooko

  • Milestone changed from 1.0.0 to 1.0.1

comment:2 Changed at 2008-05-05T21:08:36Z by zooko

  • Milestone changed from 1.0.1 to 1.1.0

Milestone 1.0.1 deleted

comment:3 Changed at 2008-05-29T22:37:40Z by warner

  • Milestone changed from 1.1.0 to 1.2.0

comment:4 Changed at 2008-08-19T18:01:01Z by zooko

  • Component changed from unknown to code-frontend-web
  • Owner nobody deleted

comment:5 Changed at 2009-06-30T12:39:37Z by zooko

  • Milestone changed from 1.5.0 to eventually

comment:6 Changed at 2009-10-28T07:04:28Z by davidsarah

If you like this bug, you might like #127, #615, and #821.

comment:7 Changed at 2010-01-17T14:55:33Z by davidsarah

  • Keywords capleak added

comment:8 Changed at 2010-01-17T14:55:55Z by davidsarah

... and #907.

comment:9 Changed at 2010-09-18T17:51:04Z by zooko

  • Owner set to nejucomo

I wonder what process we would use to close this ticket. Maybe: have Nathan Wilcox sign off on it saying "I am no longer concerned about the impedance mismatch between the Tahoe-LAFS security model and the web security model?". I doubt that this would ever happen (at least not for another 5 or 10 years). So maybe we should try to narrow this ticket. Could we name some specific issues that we could verify whether or not they are still a problem and then close the ticket if they are fixed? Probably not.

Nathan: How about this: write a document for the user explaining the dangers of mixing the web security model with Tahoe-LAFS, and then close this ticket. Here is a "seed" document which you could use as a starter:

trunk/docs/known_issues.txt

If that document already conveys your concerns to the user, then please close this ticket. If not, please write a document which does do so, or else post a comment on this ticket explaining what it would take to write such a document, or proposing some other process by which we can make forward progress on this ticket.

Thank you!

comment:10 Changed at 2010-09-18T17:51:30Z by zooko

  • Keywords docs added

comment:11 Changed at 2012-08-27T23:05:02Z by nejucomo

I will close this ticket because it has vague criteria. Instead, let's focus on more specific issues. A similar ticket not mentioned above is #1665.

comment:12 Changed at 2013-05-09T03:32:56Z by zooko

  • Description modified (diff)

comment:13 Changed at 2013-09-14T17:39:26Z by zooko

  • Keywords websec added