Groove does this; they have a 30ish page white paper on security of document management. I have a few quibbles with their design (way too many crypto algorithms, and its not clear why, or if they might interact badly, and perhaps cert verification in a corporate environment could be better, but overall it looks very solid.)
http://www.groove.net/products/workspace/security.html Now if only they had a Mac client! Adam On Thu, Jan 16, 2003 at 09:38:04AM +0100, Birger Toedtmann wrote: | | Hi, | | can anyone pinpoint me to some papers on this - the Net did not show | up anything useful (and I hope it's not my lacking competence in using | Google). | | | I'd like to use a server to share documents between users. The users | are grouped, i.e. a user of group A should not be able to read the | docs of group B (if not a member of it). There are conceptually two | possible ways to design this: | | * use an "out-band-process" (an operating system watching over | file permissions, a web service verifying user credentials etc.) | | * use in-band crypto on the document itself, i.e. the "permissions" | are inherently tied to the bits it consists of | | I wanted to use the latter with a critical constraint: ease of deploy- | ment (at least in a sense) which basically means that we don't want | to write a new client but use freely available ones. So my first | guess was to PGP-encrypt the files on the server using the public | keys of the group-members. The server obviously should not have the | secret keys of them. I further assume that (a) a member-no-more takes | his secret key with him and (b) the server may be hacked but the hacker | should not be able to read the documents (but may corrupt/delete them). | | So far, so good. Now a user leaves a group. As the server is not | able to decrypt files and we don't want someone to decrypt 1000 files | of a group and re-encrypt them again with the members left, it would | be possible to just encrypt the already-crypted file again with the | "new" group of the remaining members (adding sort of a second armor). | Despite this being quite stressing for users if a file has some-20 | armors, I did not come up with an idea for adding *new* members to a | group.... | | | Well, maybe I'm already on the wrong track for this issue, so I | appreciate any suggestions or hints to sites/papers discussing these | problems. | | | Regards, | | Birger T�dtmann | | --------------------------------------------------------------------- | The Cryptography Mailing List | Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] -- "It is seldom that liberty of any kind is lost all at once." -Hume --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
