[tahoe-lafs-trac-stream] [tahoe-lafs] #1426: re-key (write-enabler) protocol
tahoe-lafs
trac at tahoe-lafs.org
Sun Jul 10 07:23:38 PDT 2011
#1426: re-key (write-enabler) protocol
------------------------------+-----------------------
Reporter: warner | Owner:
Type: enhancement | Status: new
Priority: major | Milestone: undecided
Component: code-mutable | Version: 1.8.2
Resolution: | Keywords:
Launchpad Bug: |
------------------------------+-----------------------
Comment (by zooko):
Hm, is it worth adding protection against replay attacks? This attack would
be a denial of service in which the attacker stores an old
{{{writecap.key.sign([tag, new-write-enabler, storage-index, serverid])}}}
and every time you try to set a ''new'' new write-enabler the attacker
replays this old new write-enabler to reset it.
One good defense would be to include the one-way hash of the old write-
enabler in the message. As davidsarah mentioned in comment:1, it might be
convenient anyway for the server to send this one-way hash of the current
write-enabler to the client anyway, in order to inform the client about
whether they need to rekey.
--
Ticket URL: <http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1426#comment:2>
tahoe-lafs <http://tahoe-lafs.org>
secure decentralized storage
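
The replay and the proposed defense from the comment above, as an added example that is not part of the ticket or of Tahoe-LAFS code. Assumptions: HMAC-SHA256 stands in for `writecap.key.sign` so the block runs on the standard library alone, and the tag, key, server id and storage index values are constructed.

```python
import hashlib
import hmac

TAG = b"rekey-v1"  # constructed tag value (assumption)

def h(data):
    return hashlib.sha256(data).digest()

def sign(key, fields):
    # Stand-in for writecap.key.sign([...]); the real scheme is a public-key
    # signature, so a real server holds only the verifying key.
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Server:
    def __init__(self, key, serverid, storage_index, write_enabler, bind_old):
        self.key, self.serverid, self.storage_index = key, serverid, storage_index
        self.write_enabler, self.bind_old = write_enabler, bind_old

    def rekey(self, new_we, sig, old_we_hash=b""):
        fields = [TAG, new_we, self.storage_index, self.serverid]
        if self.bind_old:
            # Defense: the signed message names the write-enabler it replaces.
            if not hmac.compare_digest(old_we_hash, h(self.write_enabler)):
                return False
            fields.append(old_we_hash)
        if not hmac.compare_digest(sig, sign(self.key, fields)):
            return False
        self.write_enabler = new_we
        return True

def replay_demo(bind_old):
    key = b"constructed-writecap-key"
    srv = Server(key, b"server-1", b"SI-0001", b"we-0", bind_old)

    def client_msg(new_we):
        # With the defense on, the client first learns hash(current
        # write-enabler) from the server and signs over it.
        old = h(srv.write_enabler) if bind_old else b""
        fields = [TAG, new_we, srv.storage_index, srv.serverid]
        return new_we, sign(key, fields + ([old] if bind_old else [])), old

    captured = client_msg(b"we-1")           # stored by the attacker
    assert srv.rekey(*captured)              # legitimate first re-key
    assert srv.rekey(*client_msg(b"we-2"))   # client sets a newer write-enabler
    replayed = srv.rekey(*captured)          # old signed message sent again
    return replayed, srv.write_enabler
```

With the old hash bound into the message, the captured message is only valid again if the server's current write-enabler returns to the exact value it was signed against.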