David-Sarah Hopwood wrote: > and hence are verifiable by the same public key (their own key, that > is, not someone else's). This is a "duplicate signature" attack in the > terminology of <http://citeseer.ist.psu.edu/stern02flaws.html>. > > Is that a valid attack on the intended security properties of Tahoe? I > think probably not, provided that no-one expects these signatures to > guarantee nonrepudiability.
Incidentally, one idea we've kicked around is to let mutable filecaps be augmented with an extra hash-of-the-contents field, to turn them into immutable filecaps. The creator could choose their own tradeoff between cap-length and verification strength (which would include nonrepudiability too). A secondary motivation would be how it relates to future "LDMF" mutable files, in which we're planning to include versioning. The readcap+hash cap would basically point to a mutable slot (the readcap) and a specific version of the file (the hash). The hash could be short, if you don't mind being vulnerable to the writecap holder. cheers, -Brian _______________________________________________ tahoe-dev mailing list [email protected] http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
