From 6ff39da96d21e18f7bf98f2d42250a9a7153cf40 Mon Sep 17 00:00:00 2001 From: davidsarah <> Date: Sun, 13 Jun 2010 00:52:51 +0000 Subject: [PATCH] security section [Imported from Trac: page SftpFrontend, version 26] --- SftpFrontend.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/SftpFrontend.md b/SftpFrontend.md index f3560b1..6fb28f3 100644 --- a/SftpFrontend.md +++ b/SftpFrontend.md @@ -3,6 +3,10 @@ The SFTP frontend is a server that optionally runs as part of a gateway node, an See source:docs/frontends/FTP-and-SFTP.txt for how to enable and set up the SFTP frontend on a gateway. This page is for compatibility issues with particular SFTP clients, and assumes that you are using Tahoe-LAFS v1.7.0β or later. Please add any more issues that you discover. +### Security + +The security of the connection between the SFTP client and gateway is dependent on the [PyCrypto](PyCrypto) library, which has not been reviewed to the same extent as the pycryptopp library that we use elsewhere in Tahoe-LAFS. Therefore we do not recommend that you rely on the confidentiality or authentication provided by this SSH connection in the current release. + ### General compatibility issues Before uploading a file to a Tahoe filesystem, the whole file has to be available. This means that the upload can only start when the file has been closed in the SFTP session. Particularly when writing large files, the client may time out between sending the close request and receiving the response (ticket #1041). This is known to be a problem for at least the WinSCP client, which has a close timeout of 15 seconds.
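Review bot: In the added "### Security" paragraph, the phrase "in the current release" is not tied to a version, although the context line directly above says the page assumes "Tahoe-LAFS v1.7.0β or later", so a reader on a later release cannot tell whether the warning still applies. Suggest naming the release the caveat was written against. The paragraph also tells users not to rely on the confidentiality or authentication of the SSH connection but stops there. It would help to add one sentence on what to do instead, for example only exposing the SFTP frontend to clients on the same host or on a network that is already trusted, and to say which property of the PyCrypto dependency is in doubt (the extent of review, as stated, rather than a known flaw) so the warning is not read as a report of a specific vulnerability. If there is a ticket tracking the review, link it here in the same way the next section cites ticket #1041.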