Michael Militzer writes: > Data availability, privacy and also censorship resistance must be > verifiable. In addition, a secure storage system must withstand > adversarial attacks. A direct consequence of this is that the peer > software and protocol must be open-source. A storage system built around a > secret protocol and proprietary software cannot be trusted.
I'm not convinced that OSD-approved licensing (which is what I assume you mean by "open-source") necessarily or exclusively correlates with trustworthiness. Plenty of open source software is untrustworthy, and at least some proprietary software is at least as trustworthy as the most trustworthy open source software. Nor is closed-source software really as "closed" to security scrutiny as people believe, and nor is open source as open to security scrutiny as people believe. That said, of course, I want open source software too. :) > Allmydata/Tahoe: > > The only true open-source contender I know of. Unfortunately, not really > targeted towards a global-scale network of untrusted nodes. Also, no > particular measures to withstand adversarial attacks (but is also not > needed when deployed in a trusted environment). I think Tahoe-LAFS has pretty good defenses against a range of attacks on confidentiality, integrity, and availability. What do you find insufficient about its defense measures? You might also want to look at David Mazières' SFS. It was a bit ahead of its time, and so is sometimes forgotten. But it deserves a good look, and maybe resuscitation. > I haven't found a P2P backup solution that has: > > - Deployability on a global scale with untrusted nodes > - Secure, private and persistent data storage > - Open-source protocol and software > - Censorship-resistance > - Resiliency to adversarial attacks > - Reasonably simple and manageable design Tahoe has all but the last item (and maybe that is fixable). SFS has all of them, but lacks (as far as I can tell) a maintained, recent implementation. -- http://noncombatant.org/ "These days, though, you have to be pretty technical before you can even aspire to crudeness." --- William Gibson _______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
