[tahoe-dev] question about sharing...

Zooko O'Whielacronx zooko at zooko.com
Wed Jun 1 16:04:41 PDT 2011


On Wed, Jun 1, 2011 at 11:52 AM, Greg Troxel <gdt at ir.bbn.com> wrote:
>
> Yes, they could.  What you are missing is
>
> 1) that this is a capability system, not an ACL system.

This is true, but I want to caution that what we've designed so far is
based on what we think is safe and useful, rather than being limited
to a specific dogma.

In other words, if someone comes up with a new access control scheme
for Tahoe-LAFS which is safe and which provides something that real
users want, then we'll definitely implement that, regardless of
whether it is called "a capability system" or "an ACL system" (or
something else).

I'm aware that a couple of security and cryptography grad students
have been investigating this sort of thing, so I look forward to what
they come up with.


> 2) if you handed them a decryption key for normal data, they could grab
> and download the data.  They could then hand it out.
>
> Basically, if you don't trust people to keep things secret, you can't
> share with them.  This isn't about tahoe, or rather tahoe has no magic
> bullet for this.

Right. Most (but not all) of the most onerous of Tahoe-LAFS's current
limitations are fundamental limitations of any distributed system
(without effective DRM). If anybody can show me a distributed,
DRM-free system which overcomes these limitations then that would be
AWESOME because we could then immediately clone their solution for
future generations of Tahoe-LAFS. :-)

Regards,

Zooko


More information about the tahoe-dev mailing list