[tahoe-dev] Tahoe Access Control
James A. Donald
jamesd at echeque.com
Mon Jun 6 15:55:43 PDT 2011
On 2011-06-06 3:57 AM, Brandon Meskimen wrote:
> I would like to stay away from the HTTP Proxy server because if i understand
> correctly, whoever has control of the HTTP Proxiy could leak that
> information. I would like to keep the more complex file properties like who
> access it (already has), when it was created(already has), and most
> importantly, how many people have access to that file.
Two people can keep a secret, if one of them is dead.
There are secrets, shared secrets, widely shared secrets (shibboleths),
and public information. Shared secrets have a tendency to become widely
shared secrets, and there is no technical solution for this problem.
This is not to say that it is not useful to try to limit the circulation
of a shibboleth. It is often very useful, but "how many people have
access" implies an improbable and unreasonable level of control.
More information about the tahoe-dev
mailing list