[tahoe-dev] Authority to DoS via WAPI

zooko zooko at zooko.com
Tue Jan 20 19:54:31 UTC 2009


On Jan 20, 2009, at 2:37 AM, Toby Murray wrote:

> The current solution is perhaps too much of a hack, only
> half-solving the problem at the expense of adding complexity. Perhaps it
> should be reverted.

Yeah, I guess it doesn't make sense to allow linked uploads  
(requiring a writable dir cap) while forbidding unlinked uploads,  
since you can always just unlink the thing after you've uploaded it.

Let's revert your change for now, but I hope you contribute to the  
upcoming discussion of how to do resource management in a better way.

You suggested:

> whenever a slot's refcount drops below 1, we reclaim its space.


I had previously suggested an approach like this to Brian, but I  
think there are some problems with this approach, starting with the  
classic question of how to collect reference cycles, as well as the  
usage issue that people might like to keep caps in their browser  
bookmarks or post-it notes or whatever -- external to the Tahoe  
system -- to otherwise unlinked files and directories.  So in terms  
of garbage collection, there can be a large number of roots and we  
don't necessarily know them all!

If we want to support that sort of usage -- and I do -- then we need  
to have some way to discern the difference between garbage -- a file  
that nobody in the universe has a cap to -- and a file that has no  
references to it within a given Tahoe directory structure but which  
is referenced by and valuable to someone.

I guess that's really where the discussion should start: the  
relationship between that person who values that file, and you who  
operate a storage server.  Why should you keep that share intact on  
behalf of that person?  What responsibilities do they have to fulfill  
in order that you'll agree to keep that share for them (such as  
regularly refreshing a "lease" on that share, or agreeing to pay the  
bills that you send for having held that share)?  How long are you  
willing to agree to keep that share for them -- weeks?  years?  decades?

Regards,

Zooko
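
The two reclamation policies discussed in this message, sketched as a toy model. This is an added example, not part of the original post and not Tahoe code; the slot names, the day-based lease times and both functions are constructed for illustration.

```python
from collections import Counter

def refcount_unlink(links, parent, child):
    """Drop parent->child, then reclaim slots whose refcount drops below 1."""
    links[parent].discard(child)
    pending, reclaimed = [child], set()
    while pending:
        slot = pending.pop()
        # Only links stored inside the grid are visible to this count.
        refs = Counter(c for kids in links.values() for c in kids)
        if slot in links and refs[slot] < 1:
            pending.extend(links.pop(slot))  # its children lose a reference
            reclaimed.add(slot)
    return reclaimed

def lease_sweep(leases, now):
    """Reclaim every slot whose lease lapsed at or before `now`."""
    expired = {slot for slot, expiry in leases.items() if expiry <= now}
    for slot in expired:
        del leases[slot]
    return expired

def demo():
    # Constructed grid: root links to a file "doc" and to a two-node cycle a <-> b.
    links = {"root": {"doc", "a"}, "doc": set(), "a": {"b"}, "b": {"a"}}
    external_caps = {"doc"}  # cap kept in a bookmark; the server cannot see it

    # Refcount policy: "doc" is destroyed although someone still holds its cap,
    # while the cycle keeps itself alive after it becomes unreachable.
    lost = refcount_unlink(links, "root", "doc") & external_caps
    refcount_unlink(links, "root", "a")
    leaked = set(links) - {"root"}

    # Lease policy: every slot starts with a lease ending on day 30; only
    # holders who still value a slot renew it (here until day 60).
    leases = {slot: 30 for slot in ("root", "doc", "a", "b")}
    for slot in {"root"} | external_caps:
        leases[slot] = 60
    swept = lease_sweep(leases, now=31)
    return lost, leaked, swept, set(leases)

if __name__ == "__main__":
    print(demo())
```
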


