[tahoe-dev] Bringing Tahoe ideas to HTTP
Zooko Wilcox-O'Hearn
zooko at zooko.com
Wed Sep 2 08:27:28 PDT 2009
Dear Fuzzy Hoodie-Monster:
On Tuesday, 2009-09-01, at 13:35, Fuzzy Hoodie-Monster wrote:
> I still say making names be secrets is a losing strategy.
> Especially if they are actually URLs in actual web pages. Having
> sensitive information in URLs is a bug.
A lot of people feel this way, so I'm glad we have you around on the
tahoe-dev list to remind us of this widespread opinion. ;-)
Brian's proposal to add end-to-end authentication to the Web doesn't
require putting secret information into the URLs. The proposal to
add end-to-end confidentiality to the Web does. The end-to-end
authentication is also backwards-compatible with the existing web
agents -- they all ignore the authentication information in the URL
fragment and go ahead and accept the document without authenticating
it. (I suppose there could be a problem with web apps that are
already using the URL fragment for something else.) The proposal to
add end-to-end confidentiality is not backwards-compatible. If you
were to publish a file with that feature, then nobody would be able
to read it with an old web browser or an old version of wget, etc.
> More on document integrity: I've heard of a proposal called HTTPA
> ("authenticated") that is like your hash tag idea, except the hash
> is stored as an attribute in an <a ...> tag: <a href="whatevs.html"
> hash="DEADBEEF">Whatevs</a>.
Thanks for bringing this "HTTPA" proposal to my attention! This
would give you an integrity guarantee that the whatevs.html page that
you get was indeed the one that the author of this page intended.
But how would you share the whatevs.html page with a friend of yours
in such a way that your friend would get an integrity guarantee that
he was looking at the page that you intended? I guess you would have
to create an HTML page and set the "hash" attribute and then, um,
send that HTML page (not a link to it) directly to your friend.
In Brian's proposal to add end-to-end authentication to the Web using
the URL fragment, if you are looking at a page and you want to share
it with your friend, you simply do the thing that you always do --
copy the URL and send the URL to your friend. That URL comes with an
integrity guarantee that your friend's web browser could check which
would prove that the page he is seeing is the one you intended.
> I thought Merkle trees were a cause of bad alacrity?
> http://allmydata.org/trac/tahoe/ticket/670
The Merkle tree data structure itself is a way to get better
alacrity. However, the current implementation in the Tahoe-LAFS
client downloads the entire data structure instead of just the part
of the Merkle Tree that it needs.
If anyone is interested in fixing this, here is the function that
currently dumbly grabs the whole tree and that could be improved by
fetching only the specified subset of it:
http://allmydata.org/trac/tahoe/browser/src/allmydata/immutable/layout.py?rev=4048#L415
:-)
Regards,
Zooko
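
Added example, not part of the original message and not Tahoe-LAFS code: a sketch of the point about alacrity, showing that one block can be verified against a trusted Merkle root with only the sibling hashes along its path instead of the whole tree. The function names, the flat tree layout and the plain tagged SHA-256 hash are assumptions made for illustration.

```python
import hashlib

def h(tag, data):
    # Assumption: SHA-256 with a domain-separation tag, standing in for
    # Tahoe-LAFS's own tagged hashes.
    return hashlib.sha256(tag + data).digest()

def build_tree(blocks):
    """Flat complete binary tree: node i has children 2i+1 and 2i+2."""
    n = 1
    while n < len(blocks):
        n *= 2
    pad = [h(b"pad:", b"")] * (n - len(blocks))
    tree = [b""] * (n - 1) + [h(b"leaf:", b) for b in blocks] + pad
    for i in range(n - 2, -1, -1):
        tree[i] = h(b"node:", tree[2 * i + 1] + tree[2 * i + 2])
    return tree

def needed_hashes(padded_leaves, leaf_index):
    """Node indices a downloader must fetch to check one leaf: the sibling
    of every node on the path from that leaf up to (not including) the root."""
    i = padded_leaves - 1 + leaf_index
    needed = []
    while i > 0:
        needed.append(i + 1 if i % 2 else i - 1)
        i = (i - 1) // 2
    return needed

def verify_block(root, block, padded_leaves, leaf_index, fetched):
    """Recompute the root from one block plus the fetched sibling hashes.
    `fetched` maps node index -> hash; a missing sibling fails closed."""
    i = padded_leaves - 1 + leaf_index
    cur = h(b"leaf:", block)
    while i > 0:
        sib = fetched.get(i + 1 if i % 2 else i - 1)
        if sib is None:
            return False
        cur = h(b"node:", cur + sib) if i % 2 else h(b"node:", sib + cur)
        i = (i - 1) // 2
    return cur == root

# Constructed sample data: 8 blocks -> 15 tree nodes.
BLOCKS = [b"block-%d" % i for i in range(8)]
TREE = build_tree(BLOCKS)
ROOT = TREE[0]  # the only value that must come from a trusted source
NEED = needed_hashes(8, 5)
SUBSET = {i: TREE[i] for i in NEED}  # what a subset fetch would download

if __name__ == "__main__":
    print("fetch nodes", NEED, "of", len(TREE))
    print("block 5 ok:", verify_block(ROOT, BLOCKS[5], 8, 5, SUBSET))
```

For a tree with n padded leaves the subset is log2(n) hashes, so the first block can be checked as soon as it and its path arrive.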