[tahoe-lafs-trac-stream] [tahoe-lafs] #1761: Insufficient documentation about how to administer the convergence secret.

tahoe-lafs trac at tahoe-lafs.org
Thu Mar 14 17:29:57 UTC 2013 

#1761: Insufficient documentation about how to administer the convergence secret.
-----------------------------+---------------------------------------------
     Reporter:  nejucomo     |      Owner:  someone
         Type:  defect       |     Status:  new
     Priority:  normal       |  Milestone:  1.10.0
    Component:               |    Version:  1.9.1
  documentation              |   Keywords:  docs convergence usability easy
   Resolution:               |
Launchpad Bug:               |
-----------------------------+---------------------------------------------
Changes (by zooko):

 * owner:  davidsarah => someone
 * status:  assigned => new


Comment:

 !ClashTheBunny: Great! Thank you. I would prefer if the warning about why
 the convergence secret matters also referred to the "Learn-The-Remaining-
 Information" attack and not only to the "Confirm-The-File" attack. (See
 https://tahoe-lafs.org/hacktahoelafs/drew_perttula.html .)

 We have an idea for how to manage documentation, which is that we put docs
 into the source tree in .rst form, and then in addition we make those docs
 browseable on the web. So a reasonable task for this ticket now would be
 for someone to convert [[wiki:Convergence Secret]] into .rst form, add it
 into the "docs/" subdirectory of the source tree, and the put links to it
 within the source browser from the [[wiki:Doc]] page. Make sense?

 To recap, there are two things that I request somebody do before we close
 this ticket:

 1. edit [[wiki:Convergence Secret]] to warn that even if the file is
 unique to you, such as a statement from your bank, then the "Learn-The-
 Remaining-Information" attack could be used to reveal your confidential
 information to an attacker

 2. convert the text from trac wiki markup format from [[wiki:Convergence
 Secret]] to .rst format, put it in a file in [source:git/docs/] and open a
 pull request on github.

-- 
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1761#comment:6>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage

More information about the tahoe-lafs-trac-stream mailing list