[tahoe-lafs-trac-stream] [tahoe-lafs] #2142: How to enhance WebUI default security against capability eavesdropping?
tahoe-lafs
trac at tahoe-lafs.org
Thu Dec 26 23:58:08 UTC 2013
#2142: How to enhance WebUI default security against capability eavesdropping?
-------------------------+-------------------------------------------------
Reporter: | Owner: amontero
amontero | Status: new
Type: | Milestone: undecided
enhancement | Version: 1.10.0
Priority: normal | Keywords: websec confidentiality privacy wui
Component: code- | webapi docs
frontend-web |
Resolution: |
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by amontero):
Replying to [comment:8 daira]:
> I don't know whether that can be made to work but it's probably not a
good idea, anyway. Use a separate private key generated by openssl:
> {{{
> openssl genrsa -out mykey.pem 4096
> openssl rsa -pubout -in mykey.pem -out publickey.pem
> }}}
> (and then get a certificate on {{{publickey.pem}}}), or, for a self-
signed cert with 100-year validity:
> {{{
> openssl req -x509 -newkey rsa:4096 -keyout mykey.pem -out cert.pem -days
36524
> }}}
Having to deal with openssl command and options can be troublesome for
some users. I want to avoid them that, if possible. Using the "node.pem"
cert would be a great way to achieve it.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2142#comment:9>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list