[tahoe-lafs-trac-stream] [tahoe-lafs] #366: address Nathan Wilcox's concerns about "Tahoe and the browser security model"
tahoe-lafs
trac at tahoe-lafs.org
Thu May 9 03:32:56 UTC 2013
#366: address Nathan Wilcox's concerns about "Tahoe and the browser security
model"
-----------------------------------+-----------------------------------
Reporter: zooko | Owner: nejucomo
Type: defect | Status: new
Priority: major | Milestone: eventually
Component: code-frontend-web | Version: 0.9.0
Resolution: | Keywords: security capleak docs
Launchpad Bug: |
-----------------------------------+-----------------------------------
Description changed by zooko:
Old description:
> [http://allmydata.org/pipermail/tahoe-dev/2008-February/000404.html On
> the mailing list] Nathan Wilcox posted some general concerns about how
> Tahoe's WUI relies on a security model which is different than the one
> almost everyone thinks of when they think of web browsers and URLs.
>
> It is through such cracks between people's models that security failures
> slip (according to Ross Anderson's book ''Security Engineering'').
>
> If we could address these concerns, at least by documentation, for Tahoe
> v1.0 I would feel better.
New description:
[//pipermail/tahoe-dev/2008-February/000404.html On the mailing list]
Nathan Wilcox posted some general concerns about how Tahoe's WUI relies on
a security model which is different than the one almost everyone thinks of
when they think of web browsers and URLs.
It is through such cracks between people's models that security failures
slip (according to Ross Anderson's book ''Security Engineering'').
If we could address these concerns, at least by documentation, for Tahoe
v1.0 I would feel better.
--
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/366#comment:12>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list