[tahoe-dev] [tahoe-lafs] #958: LAFS 301 Moved Permanently
James A. Donald
jamesd at echeque.com
Thu Aug 5 18:29:37 UTC 2010
On 2010-08-05 2:28 PM, Kyle Markley wrote:
> I'm not a security expert but I'm puzzled by the idea of attenuating the
> authority. Surely it can't be the client's job to implement this
> attenuation; it's easy to modify the client source code to skip any
> locally-performed attenuation and let the stronger cap flow through. This
> could be done in the server only if the server is known to be
> un-tampered-with.

Obviously, the entity who has the authority should attenuate it to the
minimum necessary before he gives it out to another entity. The entity
who receives the authority should not attenuate it.

A redirect that automatically grants a higher authority for lower is
unusual, but not necessarily incorrect, and if it is incorrect, the fix
has to be on code that is under the control of the entity that possesses
the authority.