[tahoe-dev] Capability of a file could be changed in deep-copy??
Brian Warner
warner at lothar.com
Mon Jan 17 04:52:27 UTC 2011
On 1/16/11 8:39 PM, Shawn Willden wrote:
> Removing the image folder doesn't help, either, because even without the
> directory node, Bob could have saved the caps of the files themselves.
> The only way for Alice to make them inaccessible to Bob is to wait
> until expiration removes the shares of the images -- which assumes that
> she doesn't have them referenced from some other directory which she's
> periodically renewing leases on, and assumes that the storage servers
> have expiration turned on.
It also assumes that Bob didn't establish his own leases on those
shares. Anyone who holds a readcap can renew their own lease on the
shares of that file: if they can read it today, they have the right to
keep it alive so they can read it next month.
> However, in the same way that Bob could have saved copies of the file
> caps, he could also have saved copies of the files themselves. In
> general, it's really not possible to remove access to data. You can
> refuse to give access to new data, but one someone has had access to a
> given piece of information, you have to assume that if they want it,
> they have it forever because they could have copied. it.
Well stated!
cheers,
-Brian
More information about the tahoe-dev
mailing list