[tahoe-lafs-trac-stream] [Tahoe-LAFS] #3875: Server/client code for HTTP storage protocol fURLs

Tahoe-LAFS trac at tahoe-lafs.org
Tue Mar 1 15:37:54 UTC 2022


#3875: Server/client code for HTTP storage protocol fURLs
--------------------------+-----------------------------------
     Reporter:  itamarst  |      Owner:  itamarst
         Type:  task      |     Status:  new
     Priority:  normal    |  Milestone:  HTTP Storage Protocol
    Component:  unknown   |    Version:  n/a
   Resolution:            |   Keywords:
Launchpad Bug:            |
--------------------------+-----------------------------------
Description changed by itamarst:

Old description:

> A HTTP storage fURL looks like
> `pb://i5xb...@example.com:443/g3m5...#v=1`, where `i5xb...` is the sha256
> of the Subject Public Key Information. The `g3m5...` is the swissnum; the
> `#v=1` means it's HTTP.
>
> On the server-side:
>
> 1. The HTTP server should be able to listen with TLS, given paths to key
> file and certificate file. (It already accepts the swissnum.)
> 2. It should provide an API that returns the fURL in above format.
>
> On the client-side:
>
> 1. The client should be able to determine the host/port to connect to
> from a fURL.
> 2. Upon connecting, the client should verify:
>     1. Expiration date of certificate; it hasn't expired.
>     2. That the public key in the certificate has SPKI signature that
> matches the one in the fURL.
>     3. That the certificate was signed by the private key (i.e. self-
> signed).

New description:

 A HTTP storage fURL looks like `pb://i5xb...@example.com:443/g3m5...#v=1`,
 where `i5xb...` is the sha256 of the Subject Public Key Information. The
 `g3m5...` is the swissnum; the `#v=1` means it's HTTP.

 On the server-side:

 1. The HTTP server should be able to listen with TLS, given paths to key
 file and certificate file. (It already accepts the swissnum.)
 2. It should provide an API that returns the fURL in above format.

 On the client-side:

 1. The client should be able to determine the host/port to connect to from
 a fURL.
 2. Upon connecting, the client should verify:
     1. Expiration date of certificate; it hasn't expired.
     2. That the public key in the certificate has SPKI hash that matches
 the one in the fURL.
     3. That the certificate was signed by the private key (i.e. self-
 signed).

--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/3875#comment:1>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
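
The fURL layout and client-side checks 1 and 2.2 from the description, as an added example that is not Tahoe-LAFS code. The function and class names are hypothetical, the ticket does not state how the sha256 is encoded (unpadded URL-safe base64 is assumed here), and the caller is assumed to supply the certificate's DER-encoded SubjectPublicKeyInfo.

```python
import base64
import hashlib
import hmac
from typing import NamedTuple
from urllib.parse import urlsplit


class StorageFURL(NamedTuple):
    spki_hash: str   # text before "@": hash of the server's SubjectPublicKeyInfo
    host: str
    port: int
    swissnum: str    # path component: the shared secret


def parse_http_furl(furl: str) -> StorageFURL:
    """Split pb://<spki-hash>@<host>:<port>/<swissnum>#v=1 into its fields."""
    parts = urlsplit(furl)
    if parts.scheme != "pb":
        raise ValueError("not a pb:// fURL")
    if parts.fragment != "v=1":
        # Without "#v=1" this is not an HTTP storage fURL.
        raise ValueError("missing #v=1 marker")
    swissnum = parts.path.lstrip("/")
    if not (parts.username and parts.hostname and parts.port and swissnum):
        raise ValueError("fURL needs hash, host, port and swissnum")
    return StorageFURL(parts.username, parts.hostname, parts.port, swissnum)


def encode_spki_hash(spki_der: bytes) -> str:
    """SHA-256 of the DER SubjectPublicKeyInfo; the text encoding is an assumption."""
    digest = hashlib.sha256(spki_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def spki_matches(furl: StorageFURL, spki_der: bytes) -> bool:
    """Client check 2.2: the presented key must hash to the value pinned in the fURL."""
    presented = encode_spki_hash(spki_der)
    # Constant-time comparison; inputs of different length simply compare unequal.
    return hmac.compare_digest(presented.encode(), furl.spki_hash.encode())


# Constructed sample data: stand-in bytes, not a real key or swissnum.
SAMPLE_SPKI = b"constructed-spki-der-bytes"
SAMPLE_FURL = f"pb://{encode_spki_hash(SAMPLE_SPKI)}@example.com:443/constructed-swissnum#v=1"

if __name__ == "__main__":
    parsed = parse_http_furl(SAMPLE_FURL)
    print(parsed.host, parsed.port, spki_matches(parsed, SAMPLE_SPKI))
```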

