Changes between Initial Version and Version 1 of Ticket #393, comment 146
Timestamp: 2011-08-22T06:01:19Z (13 years ago)
Ticket #393, comment 146

Initial version:

It is bed time and unfortunately I haven't finished examining the patch in search of ways that it could make us write out ill-formatted SDMF files, or leak the write-authorization secrets, or succumb to an attacker's attempt to make us write out (and digitally sign) an SDMF file that we didn't mean to (including making us use a wrong sequence number). Those are the three possibilities that I consider to be the "worst case scenarios", so they are what I start looking for first. I'll resume looking for those possibilities tomorrow.

Version 1:

It is bed time and unfortunately I haven't finished examining the patch in search of ways that it could make us write out ill-formatted SDMF files, or leak the write-authorization secrets, or succumb to an attacker's attempt to make us write out (and digitally sign) an SDMF file that we didn't mean to (including making us use a wrong sequence number). Those are the three possibilities that I consider to be the "worst case scenarios", so they are what I started looking for first. I'll resume looking for those possibilities tomorrow.