[tahoe-lafs-trac-stream] [tahoe-lafs] #2142: How to enhance WebUI default security?

tahoe-lafs trac at tahoe-lafs.org
Tue Dec 24 14:17:50 UTC 2013


#2142: How to enhance WebUI default security?
--------------------------------+------------------------------------------------
     Reporter:  amontero          |      Owner:
         Type:  enhancement       |     Status:  new
     Priority:  normal            |  Milestone:  undecided
    Component:  code-frontend-web |    Version:  1.10.0
   Resolution:                    |   Keywords:  websec confidentiality privacy wui
Launchpad Bug:                    |
--------------------------------+------------------------------------------------
Description changed by amontero:

Old description:

> I'm setting up a LAN grid where I would like to protect storage
> nodes WebUIs from casual eavesdroppers. I connect to storage nodes via
> WebUI to do checks and tests, and would like to be a bit safer to
> wireless sniffers, for instance.
>
> I assume that enabling SSL for all nodes' WebUIs would be enough for
> that, maybe I've overlooked something. Just common-sense rule-of-thumb:
> (most of) SSL will be better than NO SSL.
>
> Then I thought that the easiest way to do this is, not to even generate
> any certs locally, but reuse the "private/node.pem" existing one. Looks
> the easiest, good karma points.
> Perhaps that's not possible/advisable and is a blatant "no-no" that I
> could not be aware of. Tried reading the code a little and read
> https://github.com/tahoe-lafs/pycryptopp/blob/master/README.ed25519.rst
> and I'm not sure. But here I could be completely misled and I don't
> understand most of it. My doubts are:
> * what security will have this "node.pem" key for webui SSL?
> * is "node.pem" even suitable for using it as SSL cert?
>
> I asked in IRC and was given nice alternatives, such as lafs-rpg or ssh
> tunnels, but doing by enabling just SSL I seem to understand that's not
> as easy and secure as it sounds. But here I might fall short on
> understandings of some crypto/PKI concepts. So, anyway at least as a FAQ
> I would like to know if it is possible or if it can be achieved someway.
> Here it might raise ideas, such as "why we don't generate a default
> 'private/webui.pem' and recommend in tahoe.cfg comments?". I think that
> switching from NO SSL to SSL WebUI is worth having, isn't it?
>
> I think making this a bit clear for non-cryptologists could at least be a
> nice security FAQ, even if not advisable.

New description:

 I'm setting up a LAN grid where I would like to protect storage nodes
 WebUIs from casual eavesdroppers. I connect to storage nodes via WebUI to
 do checks and tests, and would like to be a bit safer from wireless
 sniffers at public hotspots, for instance.

 I assume that enabling SSL for all nodes' WebUIs would be enough for that,
 maybe I've overlooked something. Just common-sense rule-of-thumb: (most
 of) SSL will be better than NO SSL.

 Then I thought that the easiest way to do this is, not to even generate
 any certs locally, but reuse the "private/node.pem" existing one. Looks
 the easiest, good karma points.
 Perhaps that's not possible/advisable and is a blatant "no-no" that I
 could not be aware of. Tried reading the code a little and read
 https://github.com/tahoe-lafs/pycryptopp/blob/master/README.ed25519.rst
 and I'm not sure. But here I could be completely misled and I don't
 understand most of it. My doubts are:
 * what security will have this "node.pem" key for webui SSL?
 * is "node.pem" even suitable for using it as SSL cert?

 I asked in IRC and was given nice alternatives, such as vpn, lafs-rpg or
 ssh tunnels, but doing by enabling just SSL I seem to understand that's
 not as easy and secure as it sounds. But here I might fall short on
 understandings of some crypto/PKI concepts. So, anyway at least as a FAQ I
 would like to know if it is possible or if it can be achieved someway.
 Here it might raise ideas, such as "why we don't generate a default
 'private/webui.pem' and recommend in tahoe.cfg comments?". I think that
 switching from NO SSL to SSL WebUI is worth having, isn't it?

 I think making this a bit clear for non-cryptologists could at least be a
 nice security FAQ, even if not advisable.

-- 
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2142#comment:2>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage

