Support Different Port for PUTs compared to GETs #33

Open
jcourt562 opened this issue May 27, 2022 · 2 comments
Comments

@jcourt562

Is it the intention that ANY credential issuer can use ANY tails file server?

Currently there is only a single PORT configured for the tails server. GETs HAVE to be available to the public; however, allowing PUTs on the same port means that any issuer capable of writing a revocable registry entry to the ledger could use anyone's tails file server. This seems problematic and suggests a separate PORT should be configurable for the PUT method so that it can be protected via standard firewall protection approaches.

It may seem crazy that anyone would use a tails server they don't have control of for their credentials; however, it does open a potential DoS avenue depending on the cost of ledger writes.
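
The port split requested above, as an added example that is not part of the original thread or the project's code: a read-only public listener and a separate upload listener over the same storage, so the upload port can be firewalled to issuers. The handler names, `STORE`, the sample paths and the loopback bind address are assumptions made for the demo.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

STORE = {}  # in-memory stand-in for tails file storage (constructed for the demo)
LOCK = threading.Lock()

class PublicHandler(BaseHTTPRequestHandler):
    """Read-only listener: the port exposed to holders and verifiers."""
    allow_put = False

    def do_GET(self):
        with LOCK:
            body = STORE.get(self.path)
        if body is None:
            return self.send_error(404)
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_PUT(self):
        data = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if not self.allow_put:
            return self.send_error(405)  # writes are refused on the public port
        with LOCK:
            STORE[self.path] = data
        self.send_response(201)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args): pass  # keep the demo quiet

class UploadHandler(PublicHandler):
    """Write listener: bind it to an address the firewall restricts to issuers."""
    allow_put = True

def start(handler, host="127.0.0.1"):
    """Serve `handler` on an ephemeral port in a daemon thread; return the port."""
    srv = ThreadingHTTPServer((host, 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1]

def request(method, port, path, data=None):
    """Send one request to localhost and return the HTTP status code."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, path, body=data)
    status = conn.getresponse().status
    conn.close()
    return status
```

A firewall rule on the upload port is only a network-level control; it does not identify which issuer performed a given write.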

@swcurran
Contributor

swcurran commented Jun 8, 2022

Tails Server design has not gone through that much rigour. It might be good to hold a discussion about what features we want in a tails server and formalize things like the topics you reference in your question. We implemented the tails server because we needed it -- and did a minimal design. At minimum, we do need to control who is authorized to write to the tails server.

We've also seen some other potential resources that might go on a tails server in future related to issued VCs that we could think about.

@jcourt562
Author

I am adding some team stories locally to see if we can spend some time on these in Q3.
