[tahoe-lafs-trac-stream] [tahoe-lafs] #2142: How to enhance WebUI default security against capability eavesdropping?

tahoe-lafs trac at tahoe-lafs.org
Sat Dec 28 14:46:45 UTC 2013


#2142: How to enhance WebUI default security against capability eavesdropping?
-----------------------------------+---------------------------------------
     Reporter:  amontero           |      Owner:  amontero
         Type:  enhancement        |     Status:  new
     Priority:  normal             |  Milestone:  undecided
    Component:  code-frontend-web  |    Version:  1.10.0
   Resolution:                     |   Keywords:  websec confidentiality
                                   |  privacy wui webapi docs
Launchpad Bug:                     |
-----------------------------------+---------------------------------------

Comment (by daira):

 Replying to [comment:13 amontero]:
 > Oops. I'm assuming here that the exception is tied to a particular
 > certificate serial/id. However, I could not back this when posting. I've
 > researched a little and found this about certificate exceptions and
 > serials:
 > https://support.mozilla.org/ca/kb/secure-connection-failed-error-message#w_the-certificate-contains-the-same-serial-number-as-another-certificate

 That page does not describe what the semantics of a certificate exception
 are. The point you linked to is referring to the error case where two
 distinct certs have the same serial number, which is not something that an
 attacker would do.

-- 
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2142#comment:14>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage

