use client-side storage to defend against rollback attack #955

Open
opened 2010-02-15 05:40:59 +00:00 by zooko · 2 comments

As mentioned in (@@http://www.mail-archive.com/cryptography@metzdowd.com/msg10865.html@@) , clients which have previously viewed a mutable file or directory could remember the version number that they had already seen and refuse to accept an earlier version number after that. This would prevent rollback attack whenever that client-side storage was carried from the first read to the next.

The client-side storage of the version numbers could be integrated with the backupdb, which already likes to remember a few facts about files and directories in order to optimize backups. (And eventually perhaps restores and "mirrorings" and reads and writes as well.)

As mentioned in (@@http://www.mail-archive.com/cryptography@metzdowd.com/msg10865.html@@) , clients which have previously viewed a mutable file or directory could remember the version number that they had already seen and refuse to accept an earlier version number after that. This would prevent rollback attack whenever that client-side storage was carried from the first read to the next. The client-side storage of the version numbers could be integrated with the backupdb, which already likes to remember a few facts about files and directories in order to optimize backups. (And eventually perhaps restores and "mirrorings" and reads and writes as well.)
zooko added the
code-mutable
major
defect
1.6.0
labels 2010-02-15 05:40:59 +00:00
zooko added this to the undecided milestone 2010-02-15 05:40:59 +00:00
Author

#956 (embed security metadata in parent directory) and #957 (embed security metadata in URL) are about other places that this information (and other kinds of "security-related metadata") could be usefully stored.

#956 (embed security metadata in parent directory) and #957 (embed security metadata in URL) are about other places that this information (and other kinds of "security-related metadata") could be usefully stored.
zooko modified the milestone from undecided to 2.0.0 2010-02-23 03:13:22 +00:00
zooko added
enhancement
and removed
defect
labels 2011-01-16 03:59:01 +00:00
Owner

Ticket retargeted after milestone closed (editing milestones)

Ticket retargeted after milestone closed (editing milestones)
meejah removed this from the 2.0.0 milestone 2021-03-30 18:40:46 +00:00
Sign in to join this conversation.
No Milestone
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Reference: tahoe-lafs/trac-2024-07-25#955
No description provided.