[tahoe-dev] [tahoe-lafs] #990: Web gateway should keep its caches encrypted
tahoe-lafs
trac at allmydata.org
Thu Mar 11 11:37:57 PST 2010
#990: Web gateway should keep its caches encrypted
---------------------+------------------------------------------------------
Reporter: jsgf | Owner: nobody
Type: defect | Status: new
Priority: major | Milestone: undecided
Component: unknown | Version: 1.6.0
Keywords: | Launchpad_bug:
---------------------+------------------------------------------------------
The web gateway will (on occasion) locally cache files in unencrypted
form, such as handling ranged GET requests.
Now in normal use that's perfectly OK because web gateways are trusted
with our unencrypted data and so having the data present in that form
should be OK.
But my mental model of a gateway machine is that it's just a stateless
waypoint which doesn't store anything local. If I have a setup where
there's a gateway machine within my network serving several machines, I
would expect it to not have any persistent memory of my data, and so when
it comes time to replace the HD I don't need to worry about scrubbing the
disk, at least for Tahoe's sake. (Let's assume swap has been dealt with.)
Therefore, I think the gateway should keep the cache files encrypted and
only decrypt them on the fly as they're being sent to its clients. I'm
not sure what the key should be, but it should be per-file and transient
(derived from the cap/root hash/something else?) rather than some local
state (which would defeat the purpose of encrypting in the first place).
Could possibly be handled as part of the downloader rewrite of #798?
--
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/990>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid
More information about the tahoe-dev
mailing list