[tahoe-dev] help—how do we communicate the difference between using someone else's gateway and using your own?

Dirk Loss lists at dirk-loss.de
Fri Aug 26 17:02:30 UTC 2011


On 26.08.11 18:23, Zooko wrote:
> This is actually pretty important because all of Tahoe-LAFS's unique 
> security properties obtain *only* when you operate your own gateway.
[...]
> If you use someone else's gateway, then you simply rely on *that 
> computer* for those properties, which means you would be vulnerable
> to anyone who controls that computer (including its owner and any 
> attacker who can take over control of it).
[...]
> Maybe we need to stop telling newcomers about the concept of "letting
> other people use your gateway", and instead just tell them that the
> way to use Tahoe-LAFS is to run your own gateway on your local
> computer and then use it yourself.

Yes. As a newcomer to Tahoe-LAFS I think users should just be told that
the way to use Tahoe-LAFS is to run your own gateway.

Actually, I would go so far as to suggest changing the diagram on the
front page of the web site [1] in order to make this more clear:
For example, draw a rectangle around Tahoe-LAFS gateway and Tahoe-LAFS
client and annotate it with "Your computer", or something like that.

IMHO new users should be guided from the start to build their mental
model based on that canonical, secure architecture. Special variants for
special circumstances can be presented later on.

In the end, most users expect Tahoe-LAFS to provide not only
availability, but also confidentiality and integrity for their data.
That seems to be its main selling point. If using a 3rd-party gateway
does not provide those security properties, that architectural variant
just is not acceptable or relevant for those users. And any discussion
of that variant has a good chance of confusing them.

Best regards
Dirk

[1] http://tahoe-lafs.org/~zooko/network-and-reliance-topology.png


