Commit 261f0e4f authored by Chris Wood

Remove "impersonate a user" threat

parent 7e571f00
1 merge request: !1 Add "lightweight design" doc in markdown format
......@@ -205,10 +205,6 @@ All devices with access to a shared folder contain (at least) a Tahoe read-capab
In this design, we anticipate communicating (at least) a read-capability to the shared folder to an additional device. The impact of revealing this secret is high: a user can forever read updates, unbeknowst to anyone else. Guarding against accidental disclosure of this should be high priority.
**Threat**: impersonate a user
This is a superset of the above threat, more-or-less. Devices which can write to a shared folder also retain a Tahoe write-capability to record their changes (as Snapshots) to files. Anyone gaining knowledge of this capability can forever write updates that appear to be from the device that (legitmately) holds the write-capability. In addition, since Tahoe only allows (but doesn't enforce) a single writer, a malicious actor holding the write-capability could in theory render that device's updates to be inaccessible (corrupted) and future updates impossible. (This design doesn't allow a new device to write, so this threat isn't immediately relevant).
## Backwards compatibility
......
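Review bot: The scope assumption that "this design doesn't allow a new device to write" is lost along with the removed "**Threat**: impersonate a user" paragraph, since it appears only in that paragraph's closing parenthetical. Consider keeping one sentence in its place, under the remaining read-capability text and before "## Backwards compatibility", that records the assumption: only a read-capability is communicated to an additional device, and disclosure of a write-capability has to be re-examined as a threat if the design later lets a new device write. The removed text also noted that Tahoe allows but doesn't enforce a single writer; if that constraint is not documented elsewhere, it is worth preserving. The commit message gives no rationale for the removal, so a line explaining it would help future readers. Separately, the retained context line spells "unbeknowst"; a follow-up could correct it to "unbeknownst".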