#955 new enhancement

use client-side storage to defend against rollback attack

Reported by: zooko Owned by:
Priority: major Milestone: 2.0.0
Component: code-mutable Version: 1.6.0
Keywords: integrity newcaps rollback Cc:
Launchpad Bug:

Description

As mentioned in http://www.mail-archive.com/cryptography@metzdowd.com/msg10865.html , clients which have previously viewed a mutable file or directory could remember the version number that they had already seen and refuse to accept an earlier version number after that. This would prevent rollback attack whenever that client-side storage was carried from the first read to the next.

The client-side storage of the version numbers could be integrated with the backupdb, which already likes to remember a few facts about files and directories in order to optimize backups. (And eventually perhaps restores and "mirrorings" and reads and writes as well.)

Change History (4)

comment:1 Changed at 2010-02-15T06:15:46Z by zooko

#956 (embed security metadata in parent directory) and #957 (embed security metadata in URL) are about other places that this information (and other kinds of "security-related metadata") could be usefully stored.

comment:2 Changed at 2010-02-23T03:13:22Z by zooko

  • Milestone changed from undecided to 2.0.0

comment:3 Changed at 2010-10-06T01:38:02Z by zooko

  • Keywords rollback added

comment:4 Changed at 2011-01-16T03:59:01Z by zooko

  • Type changed from defect to enhancement
Note: See TracTickets for help on using tickets.