[tahoe-dev] Tahoe WUI enhancement suggestion

til tilllt at yahoo.com
Tue Jun 18 19:47:36 UTC 2013


Hmm, i can think of a lot of situations where i might want to have access to my stuff without being dependent on some technical aid that i have to have on me all the time. Actually that's one of the best things about storing things in a cloud. For me it's not too hard to imagine situations where that could be useful: you are on a trip and all of your stuff is stolen. but you got copies of your travel documents in some cloud storage. you just download them and prove you have a visa / permission or whatever. sure, i could have stored them on my google drive or my dropbox, but for its advantages over corporate services like that, i decided to use tahoe, where i have set up a storage grid with my friends. since i have no means to recover the URI's of my Tahoe storage, i cannot access my files.


I understand the rigid approach you guys have towards security issues, and it's a personal decision to bypass them (i could just point my webserver using a memorable url to display the aliases). i just wonder if there is no middle ground to that. something like TAN which allows a possible security breach once to recover the URI's ... i don't know anything about the academic theories behind this kind of mechanism, but i would think you guys do.

I got the feeling that there is a great potential in Tahoe, for different kinds of security demands. Personally i would still prefer using Tahoe - for the storage backend capabilities - if it had just the same security on the webui part of something like GDrive or Dropbox, i log in with a username and a password and i can access my stuff. I can imagine that this sounds horrible to you guys in terms of security, but i am already happy to know that my stuff is stored redundantly and encrypted so the people providing each other the storage space cannot access the data.

Maybe it's just the wrong kind of software i am trying to use for what i want to achieve, or i should just bypass some of Tahoe's security features by letting me display my aliases ... still, for me and i guess a lot of other people, there is definitely demand for something maybe not as secure as intended by tahoe but still a lot better than using dropbox or googledrive. it's ok to educate people about what "real" security means, but somehow i don't understand the "use-it-in-the-super-secure-way-or-dont-use-it-at-all" kind of attitude...

________________________________
From: Greg Troxel <gdt at ir.bbn.com>
To: till <tilllt at yahoo.com> 
Cc: Tahoe-LAFS development <tahoe-dev at tahoe-lafs.org> 
Sent: Tuesday, June 18, 2013 1:39 PM
Subject: Re: [tahoe-dev] Tahoe WUI enhancement suggestion
 


till <tilllt at yahoo.com> writes:

> To explain this a little better: I am wondering if access to my Files
> on tahoe is tied to the necessity of carrying around some sort of
> technical device with me to store the URI's, which are not possible to
> memorize.

So the real question here is what security properties are you trying to
get, and why?

One use case:

You have a computer that can access your files with credentials stored
on it, in a .tahoe/private/aliases file.  You have access to a grid,
some of which might be your computers, but you don't (necessarily) trust
those computers for confidentiality.  Here, you can access your files
from the first computer.

Another use case:

You don't want to trust most of your computers with storing keys
(aliased URIs).  But you carry around a small encrypted fs somehow and
use a few different computers (all of which you trust) to access your
files.

> So if i am on the road, i have no smartphone, no thumb drive, but
> internet access through browser only (no shell and no SSH:
> i.e. internet-cafe), there is no secure means how i could access to my
> stuff, except for printing out the URI's on a slip of paper that i
> carry around and typing them in - (assuming that i have access to the
> wui from the internet)?

So here I am boggled: this use case makes no sense at all.  The notions
of "securely accessing" and "internet cafe" are incompatible.  Part of
the point of tahoe is to be able to use nodes for storage when you do
not trust them for confidentiality.   So then you are talking about
using a computer that cannot be reasonably trusted to maintain
confidentiality?   If you're willing to use that, why do you need
confidentiality for your bits at all?