explain why this conclusion is fine

Jean-Paul Calderone 2021-03-19 15:03:36 -04:00
parent bc2b7f250e
commit 6aad53a598


@ -286,8 +286,13 @@ We considered making this ``POST /v1/immutable`` instead.
The motivation was to keep *storage index* out of the request URL. The motivation was to keep *storage index* out of the request URL.
Request URLs have an elevated chance of being logged by something. Request URLs have an elevated chance of being logged by something.
We were concerned that having the *storage index* logged may increase some risks. We were concerned that having the *storage index* logged may increase some risks.
However, we decided this does not matter because the *storage index* can only be used to read the share (which is ciphertext). However, we decided this does not matter because:
TODO Verify this conclusion.
* the *storage index* can only be used to retrieve (not decrypt) the ciphertext-bearing share.
* the *storage index* is already persistently present on the storage node in the form of directory names in the storage servers ``shares`` directory.
* the request is made via HTTPS and so only Tahoe can see the contents,
therefore no proxy servers can perform any extra logging.
* Tahoe itself does not currently log HTTP request URLs.
``PUT /v1/immutable/:storage_index/:share_number`` ``PUT /v1/immutable/:storage_index/:share_number``
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
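Review bot: the third bullet's claim that "only Tahoe can see the contents" of an HTTPS request holds only for intermediaries that do not terminate TLS; a TLS-terminating reverse proxy in front of the storage server, or the server-side HTTP framework's own access log, would still see the request URL, so the bullet should state that assumption (no TLS termination before Tahoe) explicitly. The fourth bullet, "Tahoe itself does not currently log HTTP request URLs", is a point-in-time observation rather than a property of the design; since this hunk also removes "TODO Verify this conclusion.", consider adding a sentence that enabling request-URL logging later would reopen this question. The second bullet compares exposure in a URL against directory names that stay local to the storage node, but logs are commonly shipped to separate collection systems with different retention and access controls, which is a different exposure than the on-disk ``shares`` layout; worth a qualifying clause. Minor: "storage servers ``shares`` directory" should read "storage server's ``shares`` directory", and the third bullet's line break before "therefore" reads better joined into one sentence.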