I was reading the 'hack tahoe' page ( http://hacktahoe.org/csrf.html ), and I started wondering if or how time-based capabilities could be introduced. I think this is particularly important longer-term, as the capability model based around unguessable/unforgeable URLs is great from the mathematics and crypto perspective, but kinda flawed in the way humans work.
For instance, I might want to give someone write access to a directory for 6 months, then have it become immutable. From what I understand of Tahoe's current architecture, once you hand a client a write cap, you've got it for all time.

The AFS distributed filesystem, which was designed to function with trusted servers, a hostile network, and potentially hostile or compromised clients, only gives you time-limited access to read/write a file. Obviously if you download/cache the file, you've got it for all time, but you are blocked from getting anything new you don't have in cache after your tokens expire. And you definitely can't write to it.

This limits the exposure of a compromised client... if I have my read/write cap on my iPhone or laptop, and it gets stolen, I really don't want my 'authority' going with that piece of hardware. This is where I start wondering how Tahoe could be integrated with Kerberos to provide authentication, and time-limited tokens.

Any thoughts?

_______________________________________________
tahoe-dev mailing list
[email protected]
http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
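One way to model the idea raised above, as an added example that is not part of the original post or of Tahoe itself: a gateway keeps the long-lived write cap in a vault and hands devices only a short-lived, HMAC-signed token that names it, so a stolen laptop carries authority that lapses at the expiry instead of the cap itself. The gateway key, the vault contents and the cap string are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Constructed sample values (hypothetical, not real Tahoe caps or keys).
GATEWAY_KEY = b"constructed-gateway-secret"
CAP_VAULT = {"dir-42": "URI:DIR2:constructed-write-cap-placeholder"}

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()

def issue_token(key: bytes, cap_id: str, perm: str, not_after: int) -> str:
    """Mint a token naming a vaulted cap; it stops working at `not_after` (unix secs)."""
    claims = {"cap": cap_id, "perm": perm, "exp": not_after, "nonce": secrets.token_hex(8)}
    payload = json.dumps(claims, sort_keys=True).encode()
    return _b64(payload) + "." + _b64(_mac(key, payload))

def verify_token(key: bytes, token: str, now: int) -> Optional[dict]:
    """Return the claims if the MAC checks out and the token has not expired, else None."""
    try:
        p64, m64 = token.split(".", 1)
        payload = _unb64(p64)
        # Constant-time compare: a client that edits `exp` to extend its own lease fails here.
        if not hmac.compare_digest(_mac(key, payload), _unb64(m64)):
            return None
        claims = json.loads(payload)
    except (ValueError, TypeError):
        return None
    if claims["exp"] <= now:
        return None  # expired: the device's authority lapses, the vaulted cap does not
    return claims

def resolve_cap(key: bytes, token: str, now: int) -> Optional[str]:
    """Gateway side: exchange a still-valid token for the real cap it names."""
    claims = verify_token(key, token, now)
    if claims is None:
        return None
    return CAP_VAULT.get(claims["cap"])
```

The token never contains the cap, so revocation is simply the gateway refusing to renew it; data the device already cached is, as the post notes, outside the model.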
