id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
84	RemoteReference.getRemoteTubID is not secure	Brian Warner		"The getRemoteTubID method (newly introduced in 0.3.0) is not yet secure: a malicious remote party can supply an arbitrary string for the URL/sturdyref of each referenceable, and the tubid portion of that string is not validated against the cryptographic connection properties.

I'm not sure that having getRemotetubID is a great idea anyways, but if we have it, it really ought to be secure.

The easiest fix will be to get this from the Broker, rather than from the !RemoteReferenceTracker's copy of the per-object FURL.
"	defect	new	critical	undecided	unknown	0.2.9