In-reply-to » Salty.im Blob Storage - HedgeDoc -- Sanity check a design proposal I'm working with @xuu on? 🙏 Basic idea is to have a secure blob store that clients can store arbitrary files/objects to, like ratchet state that is private to the client, as well as a place to upload arbitrary files to for sharing with other users in chat.

@prologic@twtxt.net I can’t write the whole thing; besides not being informed enough, I definitely don’t have the time. But here’s a start:

The notion is that you produce a list of threat actors (who you’re worried about misbehaving), affected data (what data these actors might have some effect on), and vulnerabilities (what could the threat actor do to the data that you don’t want them to do). Vulnerability can be driven by the “CIA” triad: confidentiality, integrity, and availability. With any data, you potentially want it to remain confidential (the C); you want the integrity to remain intact (the I; you don’t want it spoofed, or modified, or deleted by someone else without authorization); and you want that data to be available to whoever should have it when they should have it (the A). You need to put some thought into this and fill out these lists as fully as you can. Probably everyone who uses salty should help.

Then, a threat model is a table like the one I put below. The one line I entered should be read “it is possible that one salty user can learn the IP address of another salty user”. You may or may not care about that, so there is a priority column. Again, this table could be crowdsourced among salty users.

Threat Actors
  • other salty.im users
  • salty.im server operators
  • VPS operators
  • network operators
  • casual eavesdroppers
  • law enforcement
  • state actors
Affected Data
  • login id
  • login (IP) address
  • login session times and durations
  • chat session times, durations, participants
  • contents of chats
Vulnerability
  • learn the data
  • spoof the data
  • delete the data
  • prevent owner from reading the data
  • prevent recipient from reading the data
  • prevent owner from modifying/deleting the data
  • prevent recipient from modifying/deleting the data
Threat Model

| Threat actor | Affected data | Vulnerability | Priority (1-3; 3 high) |
|---|---|---|---|
| other user | login (IP) | learn the value | 1 |
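
One way to crowdsource the table described in the post, as an added example that is not part of the original post: it enumerates every actor/data/vulnerability combination from the three lists, merges priority votes from several users, and renders the rated rows. The CIA tag per vulnerability, the keep-the-highest merge rule and the contributor names are assumptions.

```python
from itertools import product

# Lists copied from the post above.
ACTORS = ["other salty.im users", "salty.im server operators", "VPS operators",
          "network operators", "casual eavesdroppers", "law enforcement", "state actors"]
DATA = ["login id", "login (IP) address", "login session times and durations",
        "chat session times, durations, participants", "contents of chats"]
VULNS = ["learn the data", "spoof the data", "delete the data",
         "prevent owner from reading the data", "prevent recipient from reading the data",
         "prevent owner from modifying/deleting the data",
         "prevent recipient from modifying/deleting the data"]

def cia(vuln):
    """Assumed mapping: learn -> C, prevent ... -> A, spoof/delete -> I."""
    return {"learn": "C", "prevent": "A"}.get(vuln.split()[0], "I")

def worksheet():
    """Every (actor, data, vulnerability) combination, so no cell is forgotten."""
    return list(product(ACTORS, DATA, VULNS))

def merge(votes_by_user):
    """Merge per-user priority votes, keeping the highest (most cautious) per row."""
    valid = set(worksheet())
    merged = {}
    for user, votes in votes_by_user.items():
        for row, prio in votes.items():
            if row not in valid or prio not in (1, 2, 3):
                raise ValueError(f"{user}: bad vote {row!r} -> {prio!r}")
            merged[row] = max(prio, merged.get(row, 0))
    return merged

def render(merged):
    """Markdown table of rated rows, highest priority first."""
    lines = ["| Threat actor | Affected data | Vulnerability | CIA | Priority (1-3; 3 high) |",
             "|---|---|---|---|---|"]
    for (a, d, v), p in sorted(merged.items(), key=lambda kv: (-kv[1], kv[0])):
        lines.append(f"| {a} | {d} | {v} | {cia(v)} | {p} |")
    return "\n".join(lines)

# Constructed sample votes from two hypothetical contributors (rows picked by index).
SAMPLE = {
    "alice": {(ACTORS[0], DATA[1], VULNS[0]): 1},
    "bob": {(ACTORS[0], DATA[1], VULNS[0]): 2, (ACTORS[1], DATA[4], VULNS[0]): 3},
}

if __name__ == "__main__":
    merged = merge(SAMPLE)
    print(render(merged))
    print(f"{len(worksheet()) - len(merged)} of {len(worksheet())} rows still unrated")
```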
