[tahoe-lafs-trac-stream] [Tahoe-LAFS] #3820: Add a session key for immutable uploads
Tahoe-LAFS
trac at tahoe-lafs.org
Fri Oct 22 13:40:45 UTC 2021
#3820: Add a session key for immutable uploads
----------------------+---------------------------------------
Reporter: itamarst | Owner:
Type: task | Status: new
Priority: normal | Milestone: HTTP Storage Protocol
Component: unknown | Version: n/a
Keywords: | Launchpad Bug:
----------------------+---------------------------------------
The current design of the GBS HTTP protocol for uploading buckets
establishes continuity for the series of writes and/or abort by relying on
the storage index. Insofar as an untrusted third party knows the storage
index (perhaps another storage server?), that third party can mess with
the upload, e.g. abort it half-way.
This suggests that there is some need for a shared secret tied to each
individual client->server upload.
There are two possible high-level approaches:
1. The server chooses a session key and shares it with client.
2. The client chooses the session key.
The second pattern matches existing Tahoe-LAFS interaction patterns, so
that is what we'll go with as first pass.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/3820>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list