[tahoe-lafs-trac-stream] [tahoe-lafs] #2142: How to enhance WebUI default security against capability eavesdropping?
tahoe-lafs
trac at tahoe-lafs.org
Sat Dec 28 14:46:45 UTC 2013
#2142: How to enhance WebUI default security against capability eavesdropping?
-------------------------+-------------------------------------------------
Reporter: amontero | Owner: amontero
Type: enhancement | Status: new
Priority: normal | Milestone: undecided
Component: code-frontend-web | Version: 1.10.0
Resolution: | Keywords: websec confidentiality privacy wui webapi docs
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by daira):
Replying to [comment:13 amontero]:
> Oops. I'm assuming here that the exception is tied to a particular
> certificate serial/id. However, I could not back this when posting. I've
> researched a little and found this about certificate exceptions and
> serials:
> https://support.mozilla.org/ca/kb/secure-connection-failed-error-message#w_the-certificate-contains-the-same-serial-number-as-another-certificate
That page does not describe what the semantics of a certificate exception
are. The point you linked to is referring to the error case where two
distinct certs have the same serial number, which is not something that an
attacker would do.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2142#comment:14>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage