[tahoe-dev] time-based authority
Troy Benjegerdes
hozer at hozed.org
Fri May 8 22:06:41 UTC 2009
I was reading the 'hack tahoe' page ( http://hacktahoe.org/csrf.html ),
and I started wondering if or how time-based capabilities could be
introduced. I think this is particularly important longer-term, as the
capability model based around unguessable/unforgeable URL's is great
from the mathematics and crypto perspective, but kinda flawed in the way
humans work.
For instance, I might want to give someone write access to a directory
for 6 months, then have it become immutable. From what I understand of
Tahoe's current architecture, once you hand a client a write cap, you've
got it for all time.
the AFS distributed filesystem, which was designed to function with
trusted servers, a hostile network, and potential hostile or compromised
clients only gives you time-limited access to read/write a file.
Obviously if you download/cache the file, you've got it for all time,
but you are blocked from getting anything new you don't have in cache
after your tokens expire. And you definitely can't write to it.
This limits the exposure of a compromised client... if I have my
read/write cap on my iphone or laptop, and it gets stolen, I really
don't want my 'authority' going with that piece of hardware.
This is where I start wondering how Tahoe could be integrated with
Kerberos to provide authentication, and time-limited tokens.
Any thoughts ?
More information about the tahoe-dev
mailing list