id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,launchpad_bug
491,URIs do not refer to unique files in Allmydata Tahoe,zooko,zooko,"As Christian Grothoff observed, it is possible for an uploader to make some shares produce one file, and other shares produce another file. The integrity check that is currently required -- the Merkle Tree over the shares -- ensures that only one set of shares can be used for a given read-cap or verify-cap, but it doesn't ensure that only one file can be produced. The intended semantics of Tahoe immutable files are that there is only one file that can be denoted by a given read-cap or write-cap, so this is a bug.

It isn't a major security issue for the typical current use case, since only the original uploader can construct a file to have this ambiguity -- this cannot be used to attack the integrity of a file if you are not the original uploader of that file. However, it isn't the property that we want and it could be used for mischief, so we're going to fix it.

Christian's advisory: http://crisp.cs.du.edu/?q=node/88

His post to tahoe-dev: http://allmydata.org/pipermail/tahoe-dev/2008-July/000689.html",defect,closed,major,1.2.0,code-encoding,1.1.0,fixed,integrity,,