[tahoe-dev] Capability of a file could be changed in deep-copy??

Brian Warner warner at lothar.com
Mon Jan 17 04:52:27 UTC 2011

On 1/16/11 8:39 PM, Shawn Willden wrote:

> Removing the image folder doesn't help, either, because even without the
> directory node, Bob could have saved the caps of the files themselves.
>  The only way for Alice to make them inaccessible to Bob is to wait
> until expiration removes the shares of the images -- which assumes that
> she doesn't have them referenced from some other directory which she's
> periodically renewing leases on, and assumes that the storage servers
> have expiration turned on.

It also assumes that Bob didn't establish his own leases on those
shares. Anyone who holds a readcap can renew their own lease on the
shares of that file: if they can read it today, they have the right to
keep it alive so they can read it next month.

> However, in the same way that Bob could have saved copies of the file
> caps, he could also have saved copies of the files themselves.  In
> general, it's really not possible to remove access to data.  You can
> refuse to give access to new data, but one someone has had access to a
> given piece of information, you have to assume that if they want it,
> they have it forever because they could have copied. it.

Well stated!


More information about the tahoe-dev mailing list