[tahoe-dev] [tahoe-lafs] #795: append-only files
tahoe-lafs
trac at allmydata.org
Sat Aug 22 16:19:48 PDT 2009
#795: append-only files
--------------------------+-------------------------------------------------
Reporter: warner | Owner:
Type: enhancement | Status: new
Priority: major | Milestone: undecided
Component: code-mutable | Version: 1.5.0
Keywords: | Launchpad_bug:
--------------------------+-------------------------------------------------
It's a long-term goal, but it would be nice to have append-only
mutable files in Tahoe. Specifically, that means some sort of
mutable slot that has the following caps:
* writecap (permits arbitrary modification)
* appendcap (permits appending new data, not removing existing
data)
* readcap (permits reading arbitrary data)
* verifycap
Note that the appendcap and readcap are peers: neither can be
derived from the other.
{{{
writecap
| |
v v
appendcap readcap
| |
v v
verifycap
}}}
This requires some tricky encryption, and will rely upon the
servers to enforce certain types of message updates. (this means
that a sufficiently-large set of colluding servers will be able
to roll back appended messages until someone with the writecap
comes along and flattens them all into the base file). I've got
some notes on this scheme somewhere, which I'll eventually
transcribe into this ticket. The basic approach is that the
appendcap gets you a signing key, and the server will accept
signed append messages, and put them next to all of the other
messages. The writecap gets you a different signing key, with
which the servers will accept arbitrary rewrite operations. I
also have notes on revocation schemes (where you can create
multiple "subwritecaps" for an object, but revoke them later),
which involves even more sets of signing keys.
This could be integrated with LDMF mutable files, in which the
servers hold a series of append-only revision nodes, forming a
version-history graph (which I still think should be based on
Mercurial's "revlog" format). In this case, writecap holders get
to add revision nodes, but not remove older ones.
--
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/795>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid
More information about the tahoe-dev
mailing list