[tahoe-dev] [tahoe-lafs] #958: LAFS 301 Moved Permanently

James A. Donald jamesd at echeque.com
Thu Aug 5 18:29:37 UTC 2010


On 2010-08-05 2:28 PM, Kyle Markley wrote:
> I'm not a security expert but I'm puzzled by the idea of attenuating the
> authority.  Surely it can't be the client's job to implement this
> attenuation; it's easy to modify the client source code to skip any
> locally-performed attenuation and let the stronger cap flow through.  This
> could be done in the server only if the server is known to be
> un-tampered-with.

Obviously, the entity who has the authority should attenuate it to the 
minimum necessary before he gives it out to another entity.  The entity 
who receives the authority should not attenuate it.

A redirect that automatically grants a higher authority for lower is 
unusual, but not necessarily incorrect, and if it is incorrect, the fix 
has to be on code that is under the control of the entity that possesses 
the authority.
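
The point made in this message, as an added example that is not part of the original post and is not Tahoe-LAFS code: a toy capability store in which the holder attenuates a write cap to a read cap before publishing a redirect target, so nothing the recipient's client does can recover the stronger authority. `ToyStore`, `attenuate`, `redirect_target` and the hash-based derivation are hypothetical names and a simplified model assumed for illustration.

```python
import hashlib
import os


def attenuate(write_cap: bytes) -> bytes:
    """One-way derivation of a read cap from a write cap (toy model)."""
    return hashlib.sha256(b"toy-readcap:" + write_cap).digest()


class ToyStore:
    """Server side: authority is checked from the cap presented, nothing else."""

    def __init__(self):
        self._by_read_cap = {}  # read cap -> stored data

    def create(self, data: bytes) -> bytes:
        write_cap = os.urandom(32)
        self._by_read_cap[attenuate(write_cap)] = data
        return write_cap  # the creator is the only holder of write authority

    def read(self, cap: bytes) -> bytes:
        # A read cap works directly; a write cap implies read authority.
        for candidate in (cap, attenuate(cap)):
            if candidate in self._by_read_cap:
                return self._by_read_cap[candidate]
        raise PermissionError("cap grants no read authority")

    def write(self, cap: bytes, data: bytes) -> None:
        slot = attenuate(cap)  # only a real write cap hashes to a known slot
        if slot not in self._by_read_cap:
            raise PermissionError("cap grants no write authority")
        self._by_read_cap[slot] = data


def redirect_target(holder_write_cap: bytes, requester_may_write: bool) -> bytes:
    """Runs in the holder's code: attenuate before the cap leaves the holder."""
    return holder_write_cap if requester_may_write else attenuate(holder_write_cap)


def demo():
    store = ToyStore()
    new_write = store.create(b"v1")  # constructed sample object
    handed_out = redirect_target(new_write, requester_may_write=False)
    can_read = store.read(handed_out) == b"v1"
    try:
        store.write(handed_out, b"tampered")  # recipient tries to exceed its cap
        can_write = True
    except PermissionError:
        can_write = False
    return can_read, can_write, store.read(new_write)
```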

