[OpenAFS-devel] Re: safe dropboxing in an anonymous world

Derrick Brashear shadow@gmail.com
Tue, 8 Feb 2011 12:14:54 -0500


On Tue, Feb 8, 2011 at 11:57 AM, Andrew Deason <adeason@sinenomine.net> wrote:
> On Mon, 07 Feb 2011 17:29:23 -0500
> Jeffrey Altman <jaltman@secure-endpoints.com> wrote:
>
>> If the goal is to permit anonymous submission of homework for example,
>> this model is simply not safe under any circumstances. That is why I
>> proposed a configuration option to disable the use of 'i'nsert with
>> anonymous. Answering Andrew, Mike Meffie's change (gerrit/217) is
>> different.
>
> I haven't seen any explanation as to how. It is a generalized mechanism
> for restricting what rights an anonymous client can have. Unless you
> mean only affecting anonymous rights in special cases? (like the dropbox
> case)
>
>> I do not believe we are at a point where making such a change is
>> acceptable. I think the best we can do in the short term is a
>> combination of:
>>
>>  * Derrick's proposal (gerrit/3901)
>>
>>  * Providing an option to disable 'i'nsert for anonymous client
>>
>>  * Improving our documentation to make it clear that system:anyuser "li"
>>    and anonymous users are not a secure mix.
>
> And I must reiterate that I think an additional note of the possible
> failure scenario is required. Some sites will skip over security
> warnings due to the closed nature of the site or for other reasons, but
> "cannot/may not work in certain edge cases" will actually register.

would you be willing to extend 3901 or add a gerrit incident with
proposed documentation wording?
i'd like to see them advance together.

-- 
Derrick