No subject


Wed Jul 1 18:26:42 PDT 2009


On Jul 26, 2009, at 12:11 AM, james hughes wrote:

    On Jul 24, 2009, at 9:33 PM, Zooko Wilcox-O'Hearn wrote:

        [cross-posted to tahoe-... at allmydata.org and cryptography at metzdowd.com ]

        Disclosure: Cleversafe is to some degree a competitor of my Tahoe-LAFS project.

    ...

        I am tempted to ignore this idea that they are pushing about encryption being overrated, because they are wrong and it is embarrassing.

    The trick is cute, but I argue largely irrelevant. Follows is a response to this web page that can probably be broadened to be a criticism of any system that claims security and also claims that key management of some sort is not a necessary evil....

> It seems to me there's a much simpler critique. The Cleversafe approach - which is not without its nice points - solves the "key management problem" in exactly the same way that some version of Windows solved the "frequent General Protection Fault crashes" problem (by eliminating the error message).

Eliminating the error message amounts to ignoring the problem while sweeping it under the rug, which I don't think is an accurate representation of how this technique handles key management. This technique provides a genuine method for achieving a high degree of security without the need for a key management system. James Hughes, who posted earlier in this thread, referenced a paper which explores this topic in greater detail: http://www.ssrc.ucsc.edu/Papers/storer-usenix07.pdf. Cleversafe's method has the same confidentiality advantages as POTSHARDS yet we achieve much greater storage efficiency than is possible using an information theoretically secure secret sharing scheme, as POTSHARDS does. While one may object to the fact that Cleversafe's technique requires multiple secure locations for slices to be stored, this problem always existed for geo-dispersal. When Cleversafe first began, the design did not have the feature of AONT; the benefits of dispersal alone (increased reliability, availability and efficiency in storage) were strong enough a motivation to pursue this model for data storage. From this frame of reference, you can see that adding the AONT as an additional pre-processing step was a very minor modification which yielded very significant results.

> The "key management problem" comes down to: I have encrypted data stored somewhere (where we assume attackers can access it, but not make use of it without the key). To make that data meaningful, I need to be able to locate the key appropriate to that data. What's a key? It's some private information. In Cleversafe's approach, I have data stored in pieces all over the place. To get at it, I need to know where the pieces of some data are. That information has to be secret, since anyone who has access to it can do the same computation and recover the data just as I can.

I think you may be missing one piece of the puzzle. The location of where the data is stored is not secret. In fact anyone with a packet sniffer could see the IP addresses of where the slices are being dispersed to. The slices stored on slice servers are not available for anyone to download; an authentication system is used to ensure only the proper party can access the slices, much like any key management system must authenticate the user in some manner before releasing the key. What authentication system is used can vary from deployment to deployment, but the advantage of authentication keys vs. data encryption keys is that authentication keys can be lost and replaced without any impact on the reliability of the data. Therefore one need not replicate their authentication keys to many locations to prevent their loss.

> Alternatively, I can rely not on the secrecy of that information, but on the discretion of those who hold the pieces. OK, but I could have done that with a simpler technique: Encrypt the data conventionally, then split the key among the trusted holders. That's a tiny, and more to the point, *fixed* overhead beyond the size of the data, which will always beat the cleverest Reed-Solomon or erasure coding. (It also has - if I use an appropriate mode - such nice features as random access to small parts of the data without the need to decrypt the whole thing first.)

As noted above, the main point of dispersal is the extremely high levels of reliability that can be achieved. The security features of AONT when combined with dispersal are only the icing on the cake. Consider that a 10 of 16 dispersed storage network can suffer 4 simultaneous failures and still have the reliability of a RAID 6 system. Security encompasses not just confidentiality but also availability; if the failure of a single piece of hardware results in irrecoverable data loss, then such data is not very secure. Regarding the problem of random access, our software does have a segmentation layer for exactly this purpose; it splits large files into smaller segments which can be accessed individually.

> Granted, Cleversafe has other nice features. But other than changing "the key management problem" to "the secret information needed to get at the data, which won't be used as a crypto key" problem, I don't see how they've actually *solved* anything.

If you consider any hypothetical conventional system for data encryption and key management, it will almost surely suffer from one of the following common problems, problems which are mitigated or eliminated by dispersal+aont:

- Low reliability or availability of key storage system
- Ease of physical compromise
- Vulnerability to malicious or incompetent insiders
- Reliance on asymmetric cryptography
- Reliance on passwords which are either easy to forget or easy to brute force
- Complex procedures for cycling and expiring keys
- Difficulty with accessing off-line key shares

> Further: If I'm only encrypting stuff for myself, there's little reason to use multiple keys. The key management problem becomes interesting when there is different encrypted data with different access rights for different groups of users. It's beyond me how Cleversafe's approach makes this easier - or harder.

It actually becomes entirely about access rights and authentication, as it should be. The reason for data encryption is to serve as a last line of defense for attacks that can circumvent authentication mechanisms. If it were impossible to open up your laptop and take its hard drive out, full disk encryption wouldn't be needed. Likewise if it were physically impossible to tap a connection, TLS would be unnecessary. Using the AONT with Dispersal makes it such that bypassing the authentication system (by physically stealing a machine holding slices, or remotely compromising it) is entirely fruitless. Only by getting access to a threshold number of devices (which we maintain is harder than accessing a single location where one key is kept) can one get at the data.

I hope this helps to clarify the reason behind why we have adopted this approach. If you have any further questions don't hesitate to ask.

Jason

P.S.

Zooko cross-posted his original post to several threads. You may wish to check out what has been said at the tahoe-dev at allmydata.org mailing list on this topic.


More information about the tahoe-dev mailing list
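
As an added illustration (not Cleversafe's code and not part of the original message), the sketch below shows the mechanism the reply argues for: an all-or-nothing package followed by 10-of-16 dispersal, with recovery after six lost slices and a failed attempt from nine. The SHA-256 keystream standing in for a block cipher, the GF(257) polynomial code standing in for Reed-Solomon, the sample record and every function name are assumptions made for the example.

```python
import hashlib
import os

P = 257  # smallest prime above 255; stand-in for the GF(2^8) of real Reed-Solomon

def _keystream(key, n):
    # SHA-256 in counter mode, a stand-in for a real cipher such as AES-CTR
    out = b""
    for ctr in range(-(-n // 32)):
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def aont_package(data, key=None):
    """Encrypt under a random key, then append the key masked by H(ciphertext)."""
    key = os.urandom(32) if key is None else key
    body = _xor(data, _keystream(key, len(data)))
    return body + _xor(key, hashlib.sha256(body).digest())

def aont_unpackage(package):
    """Needs every byte of the package: the key is only recoverable via H(body)."""
    body, tail = package[:-32], package[-32:]
    key = _xor(tail, hashlib.sha256(body).digest())
    return _xor(body, _keystream(key, len(body)))

def _interp(points, x):
    """Evaluate at x the unique polynomial of degree < k through points, mod P."""
    total = 0
    for xj, yj in points:
        num = den = 1
        for xm, _ in points:
            if xm != xj:
                num = num * (x - xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total

def disperse(package, k, n):
    """Systematic k-of-n code: slices 1..k hold package bytes, k+1..n hold parity."""
    padded = package + bytes(-len(package) % k)
    slices = {x: [] for x in range(1, n + 1)}
    for i in range(0, len(padded), k):
        pts = list(zip(range(1, k + 1), padded[i:i + k]))
        for x in slices:
            slices[x].append(_interp(pts, x))
    return slices, len(package)

def reassemble(subset, k, length):
    """Rebuild the package from any k slices; fewer than k is refused."""
    if len(subset) < k:
        raise ValueError(f"below threshold: have {len(subset)}, need {k}")
    xs = sorted(subset)[:k]
    out = bytearray()
    for col in range(len(subset[xs[0]])):
        pts = [(x, subset[x][col]) for x in xs]
        out += bytes(_interp(pts, x) for x in range(1, k + 1))
    return bytes(out[:length])

def demo():
    data = b"constructed sample record: account=1234 balance=5678 " * 3
    package = aont_package(data)
    slices, length = disperse(package, 10, 16)
    # Six of sixteen slice servers are lost; any ten survivors suffice.
    survivors = {x: s for x, s in slices.items() if x not in (1, 4, 7, 9, 12, 16)}
    recovered = aont_unpackage(reassemble(survivors, 10, length))
    # Nine data slices in hand, the tenth unknown (zeros here): wrong hash, wrong key.
    partial = bytearray(package)
    partial[9::10] = bytes(len(partial[9::10]))
    leaked = aont_unpackage(bytes(partial))
    return data, recovered, leaked

if __name__ == "__main__":
    data, recovered, leaked = demo()
    print("recovered:", recovered == data, "nine-slice leak:", leaked == data)
```

Unlike an information-theoretically secure secret sharing scheme, the protection shown here rests on the strength of the hash and the cipher.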