[tahoe-dev] So how do *you* manage your keys, then?

David-Sarah Hopwood david-sarah at jacaranda.org
Tue Aug 18 18:45:47 PDT 2009

Zooko Wilcox-O'Hearn wrote:
> As a thought experiment, consider that one *could* write a new layer  
> on top of Tahoe-LAFS that used secret-sharing to split a cap into  
> secret shares.  Then the composition of the Tahoe-LAFS "secure  
> distributed storage" layer along with the secret-sharing of the cap  
> would have similar properties to Cleversafe.  I've often wanted to do  
> that so that users of allmydata.com's backup services would have a  
> third option instead of just "allmydata.com keeps my key safe for me"  
> and "I keep my own key and take my chances".  The reason I never did  
> it yet is that I don't see how to integrate it smoothly enough into  
> UI/customer experience/etc.  How would a customer who wants to back up
> their files to allmydata.com deliver the various shares of their  
> secret to various locations -- email them to friends?  It sounds like  
> too much confusion and too much work for the average backup customer,  
> who after all is really trying to buy simplicity and peace-of-mind,  
> not to invest a lot of time learning a new tool!

For off-line backup, the security property I want is that I can
perform backups, which do not overwrite any information, using a
key that is stored on-line, but need a separate key (that cannot be
derived from the first) to retrieve the data as it existed on a
given date.

Since I can store the retrieval key off-line, being able to use secret
sharing for it is only a nice-to-have feature, not essential.

David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com
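
The secret-sharing layer from the quoted thought experiment, as an added example that is not part of the original message or of Tahoe-LAFS: a k-of-n Shamir split of a cap string over a prime field. The function names, the choice of prime and the sample cap are assumptions made for illustration.

```python
import secrets

# Field modulus: the Mersenne prime 2**1279 - 1 (assumption: chosen here so
# that a cap string of up to 158 bytes fits in a single field element).
P = 2**1279 - 1

# Constructed placeholder, not a real Tahoe-LAFS cap.
SAMPLE_CAP = b"URI:DIR2-RO:constructed-example-cap-not-a-real-one"

def split_cap(cap: bytes, k: int, n: int):
    """Split `cap` into n shares (x, y); any k of them recover it."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    # A 0x01 prefix preserves leading zero bytes through the int round trip.
    secret = int.from_bytes(b"\x01" + cap, "big")
    if secret >= P:
        raise ValueError("cap too long for this field")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def recover_cap(shares) -> bytes:
    """Lagrange-interpolate f(0) from the given shares.

    There is no integrity check: fewer than k shares, or a corrupted
    share, yields unrelated bytes rather than an error.
    """
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    raw = secret.to_bytes(160, "big").lstrip(b"\x00")
    return raw[1:]  # drop the 0x01 prefix

if __name__ == "__main__":
    parts = split_cap(SAMPLE_CAP, k=3, n=5)
    print(recover_cap(parts[1:4]) == SAMPLE_CAP)
```

Each share is as long as the field element, so a holder of fewer than k shares learns nothing about the cap; distributing the shares is the part the quoted message identifies as the hard problem.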
