[tahoe-dev] [tahoe-lafs] #684: let client specify the encryption key

Zooko Wilcox-O'Hearn zooko at zooko.com
Sun May 24 10:12:38 PDT 2009


On May 24, 2009, at 10:27 AM, Shawn Willden wrote:

> At present, I don't think I do.  It allowed a useful space  
> optimization for my read cap index files, but for other reasons  
> I've done away with that.

Could you tell me more about how it allowed space optimization?  (I  
can think of a way, but I'm curious how you did it.)  Also could you  
explain your reasons not to use that space optimization technique  
after all?

> However, I wouldn't be surprised if someone else finds a need for  
> it, and I disagree that it's a particularly dangerous feature.   
> There are a LOT of things that someone writing a client can do to  
> screw themselves, this is just another of them.

Ah, I definitely disagree with this.  I think Tahoe might be unique  
in the way that it enables people to use strong cryptography in a  
flexible access control model without requiring them to learn  
sophisticated "key management" techniques.  Whether it really  
succeeds at this or not is a matter of empirical evidence, so I'm  
waiting to find out how many people shoot themselves in the foot with  
it before writing it up and claiming that it is a success story.  :-)

But, if you can provide other examples of how people writing atop  
Tahoe might mess up, I would really like to hear it.  Your experience  
in actually doing so (writing, that is, not messing up) is valuable  
and I'd love to get some notes from you while they are still  
relatively fresh in your mind.

> For now, though, I don't think there's a need for it.

Okay, let's leave it out of the API, at least for the next stable  
release.

Regards,

Zooko

