[tahoe-dev] [tahoe-lafs] #604: one-shot distributed revocable forwarding slots

tahoe-lafs trac at allmydata.org
Tue Feb 3 15:18:38 PST 2009


#604: one-shot distributed revocable forwarding slots
---------------------------+------------------------------------------------
 Reporter:  warner         |           Owner:           
     Type:  enhancement    |          Status:  new      
 Priority:  major          |       Milestone:  undecided
Component:  code-encoding  |         Version:  1.2.0    
 Keywords:  revocation     |   Launchpad_bug:           
---------------------------+------------------------------------------------

Comment(by swillden):

 An effect of the multiple shares is that if Bob wants to get the secret
 without tripping the opened flag, he has to subvert all of the servers.
 Without that, perhaps it just happens that Alice places the secret on a
 server that Bob controls.  So if that server has enough information to
 allow Bob to recover the secret, then he can retrieve the data and see
 that the flag remains in the unopened state.

 Of course, if Alice only contacts servers that Bob controls when she tries
 to revoke, or if they're the only ones on-line when she checks, then it's
 possible for Bob to take the secret undetectably.

 By setting k high (perhaps even k = N, with large N), Alice can make
 undetected retrieval hard (increasing the number of servers Bob has to
 control) at the expense of making the secret less reliable.  By choosing
 small k, she makes the secret reliable, but undetected retrieval easier.

 Interesting idea.  I don't see any practical applications, but it is
 interesting.

-- 
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/604#comment:2>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid


More information about the tahoe-dev mailing list