Comments (15)
threat m(
from qabel.github.io.
yep. thanks!
from qabel.github.io.
There is early draft at https://github.com/Qabel/qabel-doc/wiki/Threat-Model.
from qabel.github.io.
Should something like a mitm attack on tls with faked certificate be part of this page (under Local network attacker)?
Or should this page only show threats to the proper working system?
It might be important for future versions to protect the user from such an attack, or is there already such a protection?
from qabel.github.io.
Should something like a mitm attack on tls with faked certificate be part of this page (under Local network attacker)?
At least, the document should clarify which assumptions our security model makes in terms of underlying protocols (like TLS).
from qabel.github.io.
This issue and its last update are rather old. What is the status of this issue @schulze and maybe @cburkert?
from qabel.github.io.
@schulze and I will work on this next week in preparation for our Qabel Architecture Review meeting on 12/17.
from qabel.github.io.
Should something like a mitm attack on tls with faked certificate be part of this page (under Local network attacker)?
@roeslpa I added a note about TLS: https://github.com/Qabel/qabel-doc/wiki/Threat-Model#tls Is this what you had in mind?
from qabel.github.io.
@schulze Yep, it is. 👍
from qabel.github.io.
Bump.
from qabel.github.io.
Here is a link to the new location of the document.
from qabel.github.io.
@schulze is this page still up to date?
from qabel.github.io.
The page is not up to date, is unfinished and needs work.
from qabel.github.io.
@schulze do you mind if I update the threat model?
from qabel.github.io.
Just go ahead!
One suggestion: The content I originally had in mind shouldn't really be called a "threat model", but rather a "security policy". I you want to feel free to split or rename the page.
from qabel.github.io.
Related Issues (20)
- Update Box-docs
- Define type formats HOT 2
- Change to kramdown
- Define max size and persistance of drop messages
- DropURL length should be fixed HOT 5
- substitute S3 with blockserver
- Protect private key in exported identity
- Remove used prefix from exported identity HOT 2
- Header and Footer images of qabel.github.io removed
- Drop ID too long to provoke collisions HOT 3
- Logo icon broken HOT 1
- Update auth ressource in accounting server
- Peer-to-Peer Channel for Qabel
- change Box Protocol title to Block and Box Protocol HOT 1
- Index is the new Register
- update box spec for filehashes
- General doc polish HOT 1
- Accounting server missing in components
- Update index server spec with latest changes
- Update block spec HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from qabel.github.io.