[tahoe-lafs-trac-stream] [tahoe-lafs] #2142: How to enhance WebUI default security against capability eavesdropping?

tahoe-lafs trac at tahoe-lafs.org
Sat Dec 28 15:28:47 UTC 2013


#2142: How to enhance WebUI default security against capability eavesdropping?
----------------------------------+-------------------------------------------------------------
     Reporter:  amontero          |      Owner:  amontero
         Type:  enhancement       |     Status:  new
     Priority:  normal            |  Milestone:  undecided
    Component:  code-frontend-web |    Version:  1.10.0
   Resolution:                    |   Keywords:  websec confidentiality privacy wui webapi docs
Launchpad Bug:                    |
----------------------------------+-------------------------------------------------------------

Comment (by amontero):

 I'm not very deep into how MITM attacks work; I just have general knowledge.
 I assume that any-SSL could work like this:
 1. You install a Tahoe-LAFS node as usual.
 2. Since you have a cert available, as instructed by the docs, you just
 enable the any-SSL autosigned cert, maybe by just uncommenting a web.port
 setting to use them.
 3. You browse to check that the node works OK, adding the exception as
 it's the first time.
 4. You keep using SSL (in that browser) thanks to the exception. Hey, we
 can even publish the cert fingerprint to WebUI to check at any moment!
 (like the first time you browse from a different computer)
 5. Someday, some nasty sniffing starts happening in the LAN. You're safe.
 6. Worse, someone attempts MITM. Now you could at least get a warning sign
 that you're under fire. You better check fingerprints.

 I'm aware that the validity of point 6 depends on certificate internals and
 browser behavior that sometimes I'm just assuming, but am not certain about.
 It depends on how well browsers (i.e. client-side) shield you from each one
 of the whole range of attacks. But at least it would raise the bar a little
 in some scenarios, as point 5 would stand.
 However, here I'm at the limit of my crypto/MITM knowledge and any assumption
 could be wrong. It might only protect against sniffing and not be safe
 even against the simplest MITM, not sure.

-- 
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2142#comment:15>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
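
The fingerprint check from steps 4 and 6 of the comment above, sketched as a trust-on-first-use pin check. This is an added example, not part of the ticket or of Tahoe-LAFS code; the pin file, the node address and the function names are assumptions, and the byte strings in the demo are constructed stand-ins for certificates.

```python
import hashlib
import hmac
import json
import socket
import ssl
import tempfile
from pathlib import Path


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, colon-separated hex."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_der_cert(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Fetch the server's certificate without CA validation.

    A self-signed certificate has no CA chain to verify, so trust comes only
    from comparing its fingerprint against the pinned one.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_pin(store: Path, node: str, der_cert: bytes) -> str:
    """Return 'pinned' on first contact, then 'match' or 'MISMATCH'."""
    pins = json.loads(store.read_text()) if store.exists() else {}
    seen = fingerprint(der_cert)
    if node not in pins:
        pins[node] = seen  # first use: trustworthy only if checked out of band
        store.write_text(json.dumps(pins, indent=2))
        return "pinned"
    return "match" if hmac.compare_digest(pins[node], seen) else "MISMATCH"


if __name__ == "__main__":
    # Constructed byte strings stand in for DER certificates so this runs
    # offline; against a live node use fetch_der_cert(host, port) instead.
    store = Path(tempfile.mkdtemp()) / "pins.json"
    node = "node.example:3456"  # hypothetical node address
    for der in (b"constructed-cert-A", b"constructed-cert-A", b"constructed-cert-B"):
        print(check_pin(store, node, der), fingerprint(der))
```

A `MISMATCH` only signals that the certificate changed since the pin was recorded; the first `pinned` result protects nothing unless that fingerprint was confirmed over a separate channel.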

