security section

[Imported from Trac: page SftpFrontend, version 26]
davidsarah 2010-06-13 00:52:51 +00:00
parent af4e827c83
commit 6ff39da96d

@ -3,6 +3,10 @@ The SFTP frontend is a server that optionally runs as part of a gateway node, an
See source:docs/frontends/FTP-and-SFTP.txt for how to enable and set up the SFTP frontend on a gateway. This page is for compatibility issues with particular SFTP clients, and assumes that you are using Tahoe-LAFS v1.7.0β or later. Please add any more issues that you discover.
### Security
The security of the connection between the SFTP client and gateway is dependent on the [PyCrypto](PyCrypto) library, which has not been reviewed to the same extent as the pycryptopp library that we use elsewhere in Tahoe-LAFS. Therefore we do not recommend that you rely on the confidentiality or authentication provided by this SSH connection in the current release.
### General compatibility issues
Before uploading a file to a Tahoe filesystem, the whole file has to be available. This means that the upload can only start when the file has been closed in the SFTP session. Particularly when writing large files, the client may time out between sending the close request and receiving the response (ticket #1041). This is known to be a problem for at least the WinSCP client, which has a close timeout of 15 seconds.
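Review bot: The new Security paragraph tells readers not to rely on the confidentiality or authentication of the SSH connection, but it stops there and gives no guidance on what to do instead. Consider adding a sentence on the setup the advice assumes, that is, over what kind of network path between SFTP client and gateway the frontend is still considered acceptable to use. It would also help to say which authentication is meant: gateway to client, client to gateway, or both. Finally, "in the current release" will go stale. The context paragraph above already names Tahoe-LAFS v1.7.0β, so naming the release here as well, and linking a ticket that tracks the PyCrypto review if one exists, would tell readers when the warning can be revisited.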