[tahoe-dev] So how do *you* manage your keys, then?
david-sarah at jacaranda.org
Wed Aug 19 01:45:47 UTC 2009
Zooko Wilcox-O'Hearn wrote:
> As a thought experiment, consider that one *could* write a new layer
> on top of Tahoe-LAFS that used secret-sharing to split a cap into
> secret shares. Then the composition of the Tahoe-LAFS "secure
> distributed storage" layer along with the secret-sharing of the cap
> would have similar properties to Cleversafe. I've often wanted to do
> that so that users of allmydata.com's backup services would have a
> third option instead of just "allmydata.com keeps my key safe for me"
> and "I keep my own key and take my chances". The reason I never did
> it yet is that I don't see how to integrate it smoothly enough into
> UI/customer experience/etc. How would a customer who wants to backup
> their files to allmydata.com deliver the various shares of their
> secret to various locations -- email them to friends? It sounds like
> too much confusion and too much work for the average backup customer,
> who after all is really trying to buy simplicity and peace-of-mind,
> not to invest a lot of time learning a new tool!
For off-line backup, the security property I want is that I can
perform backups, which do not overwrite any information, using a
key that is stored on-line, but need a separate key (that cannot be
derived from the first) to retrieve the data as it existed on a
Since I can store the retrieval key off-line, being able to use secret
sharing for it is only a nice-to-have feature, not essential.
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
More information about the tahoe-dev