[tahoe-dev] [tahoe-lafs] #366: address Nathan Wilcox's concerns about "Tahoe and the browser security model"
tahoe-lafs
trac at tahoe-lafs.org
Sat Sep 18 17:51:04 UTC 2010
#366: address Nathan Wilcox's concerns about "Tahoe and the browser security
model"
-----------------------------------+----------------------------------------
Reporter: zooko | Owner: nejucomo
Type: defect | Status: new
Priority: major | Milestone: eventually
Component: code-frontend-web | Version: 0.9.0
Resolution: | Keywords: security capleak
Launchpad Bug: |
-----------------------------------+----------------------------------------
Changes (by zooko):
* owner: => nejucomo
Comment:
I wonder what process we would use to close this ticket. Maybe: have
Nathan Wilcox sign off on it saying "I am no longer concerned about the
impedance mismatch between the Tahoe-LAFS security model and the web
security model?". I doubt that this would ever happen (at least not for
another 5 or 10 years). So maybe we should try to narrow this ticket.
Could we name some specific issues that we could verify whether or not
they are still a problem and then close the ticket if they are fixed?
Probably not.
Nathan: How about this: write a document for the user explaining the
dangers of mixing the web security model with Tahoe-LAFS, and then close
this ticket. Here is a "seed" document which you could use as a starter:
[source:trunk/docs/known_issues.txt]
If that document already conveys your concerns to the user, then please
close this ticket. If not, please write a document which does do so, or
else post a comment on this ticket explaining what it would take to write
such a document, or proposing some other process by which we can make
forward progress on this ticket.
Thank you!
--
Ticket URL: <http://tahoe-lafs.org/trac/tahoe-lafs/ticket/366#comment:9>
tahoe-lafs <http://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-dev
mailing list