[tahoe-lafs-trac-stream] [Tahoe-LAFS] #997: The webapi/WUI should have https enabled by default
Tahoe-LAFS
trac at tahoe-lafs.org
Thu Sep 11 22:20:19 UTC 2014
#997: The webapi/WUI should have https enabled by default
--------------------------+------------------------------------------------
Reporter: jsgf | Owner: nobody
Type: defect | Status: new
Priority: major | Milestone: undecided
Component: code- | Version: 1.6.0
frontend-web | Keywords: confidentiality wui webapi capleak
Resolution: |
Launchpad Bug: |
--------------------------+------------------------------------------------
Changes (by warner):
* component: unknown => code-frontend-web
Old description:
> In the spirit of making the defaults secure, the web interface should
> have https enabled by default. Plain http is only secure if you assume
> users will always interact with the server over a secure network, but
> practice shows that people often connect to remote servers.
>
> This implies that Tahoe should ship with some certificates. These can be
> any dummy self-signed certs, since we just need secure key negotiation.
New description:
In the spirit of making the defaults secure, the web interface should have
https enabled by default. Plain http is only secure if you assume users
will always interact with the server over a secure network, but practice
shows that people often connect to remote servers.
This implies that Tahoe should ship with some certificates. These can be
any dummy self-signed certs, since we just need secure key negotiation.
--
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/997#comment:7>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list