Changes between Initial Version and Version 3 of Ticket #2293


Ignore:
Timestamp:
2014-09-08T04:17:36Z (10 years ago)
Author:
str4d
Comment:

Removed the client endpoint string whitelisting comments from the description, I have opened a Twisted ticket for that:

https://twistedmatrix.com/trac/ticket/7632

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #2293

    • Property Component changed from unknown to code-network
    • Property Summary changed from I2P client endpoint parameter concaternator to I2P client endpoint parameter concatenator
    • Property Owner changed from daira to dawuud
    • Property Keywords i2p endpoint twisted added
    • Property Type changed from defect to enhancement

  • Ticket #2293 – Description

    initial v3  
    2828
    2929Tahoe parses, keeps an internal map, applies the relevant params to a client endpoint string before connecting
    30 * Client endpoint string whitelisting
    31     * Server publishes an endpoint string for a client to connect to
    32     * A malicious server could publish strings containing client-specific parameters that compromise the user
    33         * Unsure what parameters could actually be used maliciously on their own, but definitely possible in concert with other attacks.
    34     * The client should not accept strings that contain client-specific parameters
    35         * How to tell the difference? Tahoe can't keep a list of everything that is safe.
    36         * Maybe an endpoint API method that takes a client endpoint string and returns a safe one.
    37