Opened at 2010-02-15T05:40:59Z
Last modified at 2021-03-30T18:40:46Z
#955 new enhancement
use client-side storage to defend against rollback attack
Reported by: | zooko | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | code-mutable | Version: | 1.6.0 |
Keywords: | integrity newcaps rollback | Cc: | |
Launchpad Bug: | | | |
Description
As mentioned in http://www.mail-archive.com/cryptography@metzdowd.com/msg10865.html , clients which have previously viewed a mutable file or directory could remember the version number that they had already seen and refuse to accept an earlier version number after that. This would prevent a rollback attack whenever that client-side storage was carried from the first read to the next.
The client-side storage of the version numbers could be integrated with the backupdb, which already likes to remember a few facts about files and directories in order to optimize backups. (And eventually perhaps restores and "mirrorings" and reads and writes as well.)
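The check the description proposes, as an added example (not Tahoe-LAFS code and not part of the ticket): a SQLite-backed store that remembers the highest version number seen per mutable object and refuses anything earlier. The table name, the `object_id` key and the class names are assumptions, and this does not use the real backupdb schema.

```python
import sqlite3

class RollbackDetected(Exception):
    """A server offered a version older than one this client already accepted."""

class SeenVersions:
    """Persistent client-side record of the highest version seen per object."""

    def __init__(self, path):
        # isolation_level=None: autocommit mode, transactions are explicit below.
        self.db = sqlite3.connect(path, isolation_level=None)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS seen_versions ("
            "object_id TEXT PRIMARY KEY, version INTEGER NOT NULL)")

    def highest_seen(self, object_id):
        row = self.db.execute(
            "SELECT version FROM seen_versions WHERE object_id = ?",
            (object_id,)).fetchone()
        return row[0] if row else None

    def check_and_record(self, object_id, offered):
        """Return `offered` if acceptable; raise RollbackDetected if it is older."""
        # Assumption: the caller has already verified the integrity of the
        # offered version, so an unauthenticated high number is never recorded.
        # Take the write lock first so concurrent readers sharing this file
        # cannot both pass the check against a stale value.
        self.db.execute("BEGIN IMMEDIATE")
        try:
            seen = self.highest_seen(object_id)
            if seen is not None and offered < seen:
                raise RollbackDetected(
                    f"{object_id}: offered version {offered} < seen {seen}")
            self.db.execute(
                "INSERT OR REPLACE INTO seen_versions (object_id, version) "
                "VALUES (?, ?)", (object_id, offered))
            self.db.execute("COMMIT")
        except BaseException:
            self.db.execute("ROLLBACK")
            raise
        return offered

if __name__ == "__main__":
    store = SeenVersions(":memory:")  # constructed demo; use a file path to persist
    store.check_and_record("example-object-id", 7)  # hypothetical identifier
    try:
        store.check_and_record("example-object-id", 6)
    except RollbackDetected as e:
        print("rejected:", e)
```

The protection holds only while the database file travels with the client from one read to the next, which is the condition the description states; a client starting from an empty store accepts whatever version it is first shown.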
Change History (5)
comment:1 Changed at 2010-02-15T06:15:46Z by zooko
comment:2 Changed at 2010-02-23T03:13:22Z by zooko
- Milestone changed from undecided to 2.0.0
comment:3 Changed at 2010-10-06T01:38:02Z by zooko
- Keywords rollback added
comment:4 Changed at 2011-01-16T03:59:01Z by zooko
- Type changed from defect to enhancement
comment:5 Changed at 2021-03-30T18:40:46Z by meejah
- Milestone 2.0.0 deleted
Ticket retargeted after milestone closed (editing milestones)
#956 (embed security metadata in parent directory) and #957 (embed security metadata in URL) are about other places that this information (and other kinds of "security-related metadata") could be usefully stored.