Changes between Version 29 and Version 30 of GSoCIdeas2010

Timestamp:

2009-03-17T02:21:18Z (16 years ago)

Author:

zooko

Comment:

advertisement for the security section

GSoCIdeas2010

@@ -1 +1 @@
 = Ideas =
 What could a smart student do in one summer, if they didn't need to worry about getting a summer job to pay the bills?
+
+== Improvements to Tahoe ==
  * Dealing with NAT, ideally making it as easy to ignore as possible (taking advantage of upnp-igd and Zeroconf NAT-PMP)
  * Opportunistic grid membership:
@@ -9 +11 @@
  * Help with the C client library [http://allmydata.org/trac/libtahoeclient_webapi libtahoeclient_webapi]
  * Make the [http://allmydata.org/trac/tahoe-w32-client Windows client] use only free open-source software
+
+== Deep Security Issues ==
+Want to help make Tahoe support strong security properties which advance the state of the art of security and usability?  It isn't easy!  To tackle these you'll need to think carefully and to integrate security and usability, which are two halves of the same coin.  But you'll have some excellent mentors and the support of a wide community of interested security hackers. 
+
  * Fix Same-Origin-Policy design issue.  Web content from different authors can interact in unintended ways in the victims browser, such as Javascript iterating over open windows, or peeking at a referrer header.  Before this project is undertaken, the problem description and proposed solutions need careful design review and consideration!  The solutions should be considered prototypes and should be backwards compatible with the Tahoe network.
    * Domain Mangling approaches:
@@ -14 +20 @@
      * Special scheme handling in browser add-ons
    * CAJA approach: Require all Javascript to pass the CAJA verifier in the Tahoe web frontend, then create an interface to the tahoe webapi which matches the intended capability semantics.
+ * Tahoe Cryptography Fu (Zooko: add specific projects here)
 
 == Building Things On Top Of Tahoe ==