[tahoe-dev] [tahoe-lafs] #997: The webapi/WUI should have https enabled by default

tahoe-lafs trac at allmydata.org
Sat Mar 13 20:16:38 UTC 2010


#997: The webapi/WUI should have https enabled by default
----------------------------------------+-----------------------------------
 Reporter:  jsgf                        |           Owner:  nobody   
     Type:  defect                      |          Status:  new      
 Priority:  major                       |       Milestone:  undecided
Component:  unknown                     |         Version:  1.6.0    
 Keywords:  confidentiality wui webapi  |   Launchpad_bug:           
----------------------------------------+-----------------------------------
 In the spirit of making the defaults secure, the web interface should have
 https enabled by default.  Plain http is only secure if you assume users
 will always interact with the server over a secure network, but practice
 shows that people often connect to remote servers.

 This implies that Tahoe should ship with some certificates.  These can be
 any dummy self-signed certs, since we just need secure key negotiation.

-- 
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/997>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid


More information about the tahoe-dev mailing list