[tahoe-dev] Any project related to network security in Tahoe LAFS project
James A. Donald
jamesd at echeque.com
Sun Oct 10 21:05:50 UTC 2010
On 2010-10-10 1:01 AM, Greg Troxel wrote:
> * quotas
> In a shared grid of multiple people, a natural desire is to make sure
> everyone is being evenhanded in terms of resource consumption vs
> provision, at least as soon as things become full. Typical filesystems
> have quotas, or someone runs du and yells at people, but in tahoe one
> can't do that (and that's a feature).
> A possible way to do this is to have leases on shares be associated with
> some 'storage use capability', and perhaps this should be via digital
> cash. Someone who provides 1 TB of share storage for a month would
> perhaps get 500G-months of share storage credits.
> The trick is to do this without breaking any of the security properties
> tahoe-lafs already has.
Each file and directory contains a link to a directory that owns it, a
link to its parent directory. This link is widely accessible, because
used to bill the parent directory for the file storage, thus anyone
running a server can discover from a file the root directory that owns
If root directory=>person, we have lost some important security
qualities. If the root directory is as anonymous as files are at
present, not so much.
To enable anonymous root directories, each entity providing space issues
storage credits in both account and chaumian form.
To create a root directory, establish a credit for that root directory
on all servers. When the credit is used up, root directory expires, and
all its associated files expire.
To store files on a hundred entities, someone storing data needs a
hundred different storage credits, an unmanageable complication if the
storage credits are directly exchanged by humans.
Automatic exchange, on the other hand, is likely to be done wrong and
and if done wrong, will be gamed. Machines exchanging one kind of
storage credit for another would have to act like rational actors on
behalf of their owners, a programming task whose difficulty I have not
fully thought through.
More information about the tahoe-dev