From 674ce72fdadbd50a0c36c9e316632603a5a3225c Mon Sep 17 00:00:00 2001 From: enkore Date: Wed, 10 Jan 2018 12:31:06 +0100 Subject: [PATCH] sec docs: explicitly note what happens OUTSIDE the attack model --- docs/internals/security.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/internals/security.rst b/docs/internals/security.rst index 375aee7e0..16a0fd092 100644 --- a/docs/internals/security.rst +++ b/docs/internals/security.rst @@ -37,6 +37,10 @@ Under these circumstances Borg guarantees that the attacker cannot The attacker can always impose a denial of service per definition (he could forbid connections to the repository, or delete it entirely). +When the above attack model is extended to include multiple clients +independently updating the same repository, then Borg fails to provide +confidentiality (i.e. guarantees 3) and 4) do not apply any more). + .. _security_structural_auth: Structural Authentication