[tahoe-lafs-trac-stream] [tahoe-lafs] #2142: How to enhance WebUI default security against capability eavesdropping?
tahoe-lafs
trac at tahoe-lafs.org
Sat Dec 28 14:39:33 UTC 2013
#2142: How to enhance WebUI default security against capability eavesdropping?
-------------------------------+-------------------------------------------
      Reporter: amontero       |     Owner: amontero
          Type: enhancement    |    Status: new
      Priority: normal         | Milestone: undecided
     Component: code-frontend- |   Version: 1.10.0
                web            |  Keywords: websec confidentiality privacy
    Resolution:                |            wui webapi docs
 Launchpad Bug:                |
-------------------------------+-------------------------------------------
Comment (by amontero):
Oops. I'm assuming here that the exception is tied to a particular
certificate serial/id. However, I could not back this up when posting. I've
researched a little and found this about certificate exceptions and
serials:
https://support.mozilla.org/ca/kb/secure-connection-failed-error-message#w_the-certificate-contains-the-same-serial-number-as-another-certificate
However, I'm not sure if the cert serial is tied to some private key info
in a way that it can't be forged easily with any MITM attacks.
As far as I can tell, this error would be a warning sign enough that
someone is doing nasty things with the connection. At least, an
improvement over the current situation, good enough for me. This does not
prevent you from doing some more advanced cert management, if you care
about it. That should be clearly stated in the docs and as comments in the
cfg file.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2142#comment:13>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage