Opened at 2022-03-07T14:04:25Z
Last modified at 2022-03-08T15:10:53Z
#3876 closed defect
Generate upload secret per bucket — at Version 1
| Reported by: | itamarst | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | HTTP Storage Protocol |
| Component: | unknown | Version: | n/a |
| Keywords: | Cc: | ||
| Launchpad Bug: |
Description (last modified by itamarst)
Right now the IStorageClient HTTP emulator has a single upload secret per server. This is not too bad, but can leak information for people using Tor/I2P because the server can correlate uploads.
This was caused by the HTTP server validating the upload secret across all in-progress uploads (==buckets). If two clients ever used a different upload secret for different shares of the same storage index, they couldn't do parallel uploads. This seems wrong, shares are independent.
So the HTTP API should be changed so that upload secrets are not checked at bucket creation time. It should be fine to have different upload secrets for different shares of the same storage index.
Change History (1)
comment:1 Changed at 2022-03-07T14:30:50Z by itamarst
- Description modified (diff)
- Type changed from enhancement to defect
Note: See
TracTickets for help on using
tickets.
