[tahoe-dev] Tahoe WUI enhancement suggestion

Greg Troxel gdt at ir.bbn.com
Tue Jun 18 11:39:27 UTC 2013


till <tilllt at yahoo.com> writes:

> To explain this a little better: I am wondering if access to my Files
> on tahoe is tied to the necessity of carrying around some sort of
> technical device with me to store the URI's, which are not possible to
> memorize.

So the real question here is what security properties are you trying to
get, and why?

One use case:

You have a computer that can access your files with credentials stored
on it, in a .tahoe/private/aliases file.  You have access to a grid,
some of which might be your computers, but you don't (necessarily) trust
those computers for confidentiality.  Here, you can access your files
From the first computer.

Another use case:

You don't want to trust most of your computers with storing keys
(aliased URIs).  But you carry around a small encrypted fs somehow and
use a few different computers (all of which you trust) to acesss your
files.

> So if i am on the road, i have no smartphone, no thumb drive, but
> internet access through browser only (no shell and no SSH:
> i.e. internet-cafe), there is no secure means how i could access to my
> stuff, except for printing out the URI's on a slip of paper that i
> carry around and typing them in - (assuming that i have access to the
> wui from the internet)?

So here I am boggled: this use case makes no sense at all.  The notions
of "securely accessing" and "internet cafe" are incompatible.  Part of
the point of tahoe is to be able to use nodes for storage when you do
not trust them for confidentiality.   So then you are talking about
using a computer that cannot be reasonably trusted to maintain
confidentiality?   If you're willing to use that, why do you need
confidentiality for your bits at all?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20130618/198832b1/attachment.pgp>


More information about the tahoe-dev mailing list