[tahoe-lafs-trac-stream] [Tahoe-LAFS] #2810: disable Foolscap 'gifts' (third-party references)
Tahoe-LAFS
trac at tahoe-lafs.org
Sat Aug 27 20:31:17 UTC 2016
#2810: disable Foolscap 'gifts' (third-party references)
--------------------------+------------------------
Reporter: warner | Owner: warner
Type: task | Status: new
Priority: normal | Milestone: 1.12.0
Component: code-network | Version: 1.11.0
Keywords: anonymity | Launchpad Bug:
--------------------------+------------------------
Foolscap-0.9.0 (released 21-Sep-2015) added a Tub option to ignore
"gifts", which is the feature that enables third-party references (also
known as "introductions"). This allows Alice to include a reference to Bob
as an argument in a message to Carol, where Bob is an object on a
different Tub than either Alice or Carol. It works by sending a special
reference type (named "their-reference") that contains the full FURL of
the target. The recipient automatically establishes a connection to the
new Tub before delivering the arguments to the method.

While this is an important primitive for generalized distributed systems,
we don't actually use it in Tahoe. And in the context of Tor and
anonymity, it is a threat: Carol might be running her node behind an onion
address, so Alice does not know Carol's real IP address. Alice could
create a third-party reference with a FURL that points to a host she
controls, send it to Carol, then record what IP address the resulting
connection came from.

The way we're using connection handlers in Tahoe will prevent this
(Carol's tub will be configured to use Tor for all outbound connections,
so Alice/Bob will observe a connection coming from a Tor exit node), but
it'd be good to have defense in depth.

So the change is simple: in `node.py`, where we're building up the list of
tub options to apply (currently things like `logLocalFailures` and
`disconnectTimeout`), we should add
`tub.setOption("accept-gifts", False)`.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2810>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
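
The following is an added example, not part of the ticket and not Foolscap or Tahoe-LAFS code: a simplified model of the receive path the ticket describes, showing that with gifts disabled the message is refused before any outbound connection is attempted. Every name in it is hypothetical except the "their-reference" token and the "accept-gifts" option, and the FURL and message are constructed sample values.

```python
# Simplified model of gift handling on the receiving Tub; NOT Foolscap's code.
# Hypothetical names throughout; sample FURL and message are constructed.


class GiftRejected(Exception):
    """A third-party reference arrived while gifts are disabled."""


def parse_furl(furl):
    """Split pb://TUBID@hint1,hint2/name into (tubid, [hints], name)."""
    if not furl.startswith("pb://"):
        raise ValueError("not a FURL: %r" % (furl,))
    authority, _, name = furl[len("pb://"):].partition("/")
    tubid, sep, hints = authority.partition("@")
    if not sep or not tubid:
        raise ValueError("FURL has no tub id: %r" % (furl,))
    return tubid, [h for h in hints.split(",") if h], name


def deliver(args, accept_gifts, dial):
    """Resolve incoming arguments: each ("their-reference", furl) argument
    is connected to before the method would be invoked."""
    resolved = []
    for arg in args:
        if isinstance(arg, tuple) and arg[:1] == ("their-reference",):
            if not accept_gifts:
                # Refuse before parsing hints or opening any connection.
                raise GiftRejected("gifts are prohibited in this Tub")
            resolved.append(dial(*parse_furl(arg[1])))
        else:
            resolved.append(arg)
    return resolved


def run_demo(accept_gifts):
    """Return (connection hints the recipient tried, message delivered?)."""
    attempted = []

    def dial(tubid, hints, name):
        attempted.extend(hints)  # a real Tub would connect outbound here
        return "<ref %s/%s>" % (tubid, name)

    gift = ("their-reference", "pb://exampletubid@tcp:observer.example:4000/obj")
    try:
        deliver(["plain-argument", gift], accept_gifts, dial)
        return attempted, True
    except GiftRejected:
        return attempted, False


if __name__ == "__main__":
    print(run_demo(True))
    print(run_demo(False))
```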