From 45fb5df39eae7f9954f400e12004f75288cd6227 Mon Sep 17 00:00:00 2001 From: Ted Unangst Date: Thu, 11 Apr 2019 19:02:17 -0400 Subject: [PATCH] add a file to record notes about security --- security.txt | 18 ++++++++++++++++++ spec.txt | 7 +++++++ 2 files changed, 25 insertions(+) create mode 100644 security.txt diff --git a/security.txt b/security.txt new file mode 100644 index 0000000..e4e7df8 --- /dev/null +++ b/security.txt @@ -0,0 +1,18 @@ + +Some notes about security. + +honk is not currently hardened against SSRF, server side request forgery. Be +mindful of what else may be reachable on localhost or the local network if +it's not generally accessible. + +How are user keys supposed to be rotated? Expired? Revoked? + +The current answer is never, never, never. + +If the key is only used for signing http requests, it can be be changed +basically at will. Change the key in the actor, give it a new name (to avoid +conflict with any cached keys), carry on. + +Using keys to sign json is more complicated. The current practice is to name +keys with URL fragments. example.com/user#key. If the keyname is changed to +#newkey, how does one fetch the old key to verify existing data? diff --git a/spec.txt b/spec.txt index ba4131c..26afc37 100644 --- a/spec.txt +++ b/spec.txt @@ -1,3 +1,10 @@ +honk spec + +-- references + +See security.txt for some notes on security. + +-- schema Some notes on the database schema. Mostly for development, but maybe useful for administration as well.