[tahoe-dev] Any project related to network security in Tahoe LAFS project

James A. Donald jamesd at echeque.com
Sun Oct 10 21:05:50 UTC 2010

On 2010-10-10 1:01 AM, Greg Troxel wrote:
> * quotas
> In a shared grid of multiple people, a natural desire is to make sure
> everyone is being evenhanded in terms of resource consumption vs
> provision, at least as soon as things become full.  Typical filesystems
> have quotas, or someone runs du and yells at people, but in tahoe one
> can't do that (and that's a feature).
> A possible way to do this is to have leases on shares be associated with
> some 'storage use capability', and perhaps this should be via digital
> cash.  Someone who provides 1 TB of share storage for a month would
> perhaps get 500G-months of share storage credits.
> The trick is to do this without breaking any of the security properties
> tahoe-lafs already has.

A proposal:

Each file and directory contains a link to a directory that owns it, a 
link to its parent directory.  This link is widely accessible, because 
used to bill the parent directory for the file storage, thus anyone 
running a server can discover from a file the root directory that owns 
the file.

If root directory=>person, we have lost some important security 
qualities.  If the root directory is as anonymous as files are at 
present, not so much.

To enable anonymous root directories, each entity providing space issues 
storage credits in both account and chaumian form.

To create a root directory, establish a credit for that root directory 
on all servers.  When the credit is used up, root directory expires, and 
all its associated files expire.

To store files on a hundred entities, someone storing data needs a 
hundred different storage credits, an unmanageable complication if the 
storage credits are directly exchanged by humans.

Automatic exchange, on the other hand, is likely to be done wrong and 
and if done wrong, will be gamed.  Machines exchanging one kind of 
storage credit for another would have to act like rational actors on 
behalf of their owners, a programming task whose difficulty I have not 
fully thought through.

More information about the tahoe-dev mailing list