#366 assigned defect

address Nathan Wilcox's concerns about "Tahoe and the browser security model"

Reported by: zooko Owned by: blaisep
Priority: major Milestone: eventually
Component: code-frontend-web Version: 0.9.0
Keywords: security capleak docs websec Cc: nejucomo
Launchpad Bug:

Description (last modified by zooko)

On the mailing list Nathan Wilcox posted some general concerns about how Tahoe's WUI relies on a security model which is different than the one almost everyone thinks of when they think of web browsers and URLs.

It is through such cracks between people's models that security failures slip (according to Ross Anderson's book Security Engineering).

If we could address these concerns, at least by documentation, for Tahoe v1.0 I would feel better.

Change History (14)

comment:1 Changed at 2008-03-25T19:28:18Z by zooko

  • Milestone changed from 1.0.0 to 1.0.1

comment:2 Changed at 2008-05-05T21:08:36Z by zooko

  • Milestone changed from 1.0.1 to 1.1.0

Milestone 1.0.1 deleted

comment:3 Changed at 2008-05-29T22:37:40Z by warner

  • Milestone changed from 1.1.0 to 1.2.0

comment:4 Changed at 2008-08-19T18:01:01Z by zooko

  • Component changed from unknown to code-frontend-web
  • Owner nobody deleted

comment:5 Changed at 2009-06-30T12:39:37Z by zooko

  • Milestone changed from 1.5.0 to eventually

comment:6 Changed at 2009-10-28T07:04:28Z by davidsarah

If you like this bug, you might like #127, #615, and #821.

comment:7 Changed at 2010-01-17T14:55:33Z by davidsarah

  • Keywords capleak added

comment:8 Changed at 2010-01-17T14:55:55Z by davidsarah

... and #907.

comment:9 Changed at 2010-09-18T17:51:04Z by zooko

  • Owner set to nejucomo

I wonder what process we would use to close this ticket. Maybe: have Nathan Wilcox sign off on it saying "I am no longer concerned about the impedance mismatch between the Tahoe-LAFS security model and the web security model?". I doubt that this would ever happen (at least not for another 5 or 10 years). So maybe we should try to narrow this ticket. Could we name some specific issues that we could verify whether or not they are still a problem and then close the ticket if they are fixed? Probably not.

Nathan: How about this: write a document for the user explaining the dangers of mixing the web security model with Tahoe-LAFS, and then close this ticket. Here is a "seed" document which you could use as a starter:

trunk/docs/known_issues.txt

If that document already conveys your concerns to the user, then please close this ticket. If not, please write a document which does do so, or else post a comment on this ticket explaining what it would take to write such a document, or proposing some other process by which we can make forward progress on this ticket.

Thank you!

comment:10 Changed at 2010-09-18T17:51:30Z by zooko

  • Keywords docs added

comment:11 Changed at 2012-08-27T23:05:02Z by nejucomo

I will close this ticket because it has vague criteria. Instead, let's focus on more specific issues. A similar ticket not mentioned above is #1665.

comment:12 Changed at 2013-05-09T03:32:56Z by zooko

  • Description modified (diff)

comment:13 Changed at 2013-09-14T17:39:26Z by zooko

  • Keywords websec added

comment:14 Changed at 2024-08-27T16:04:40Z by blaisep

  • Owner changed from nejucomo to blaisep
  • Status changed from new to assigned
Note: See TracTickets for help on using tickets.