[tahoe-dev] [tahoe-lafs] #684: let client specify the encryption key

Shawn Willden shawn-tahoe at willden.org
Mon May 25 01:00:06 UTC 2009


On Sunday 24 May 2009 06:23:22 pm Zooko Wilcox-O'Hearn wrote:
> On May 24, 2009, at 14:48 PM, Shawn Willden wrote:
> > I need a way to map content hashes to read caps, because my backup
> > log contains content hashes.  I can't put read caps in the backup
> > log for a couple of reasons which should become clear below.
>
> They did not become clear to me.  Why can't you put read caps in the
> backup log? 

Sorry, when I wrote the "should become clear" I was intending to explain; but 
then I forgot to.

To compute a read cap you have to (a) pick your FEC parameters and (b) do all 
of the FEC work so you can generate the UEB so you can hash it.

I don't want the backup to have to know what FEC parameters will be used, and 
for performance reasons I definitely don't want to do everything required to 
compute a UEB.  Actually, I have to say that I haven't tested the performance 
issue.  Brian seemed to think it would be much slower than just hashing the 
file.  File hashing is basically I/O bound on most machines.

In addition to those issues, there's also the fact that I don't know at backup 
log generation time if I'm going to upload a full file or a delta, and the 
read cap for the two will be different.  If I knew, it would also mean that 
I'd have to generate the delta so that I could generate the read cap for the 
delta.

> I guess in general you don't want to do that unless, of
> course, you want someone having access to the backup log itself to
> give them access to all the files.  Do you want that?

Yes, I do want that.  The issue is separation of concerns and scan 
performance, not access control.

	Shawn.



More information about the tahoe-dev mailing list