Zooko Wilcox-O'Hearn wrote:
> As a thought experiment, consider that one *could* write a new layer
> on top of Tahoe-LAFS that used secret-sharing to split a cap into
> secret shares. Then the composition of the Tahoe-LAFS "secure
> distributed storage" layer along with the secret-sharing of the cap
> would have similar properties to Cleversafe. I've often wanted to do
> that so that users of allmydata.com's backup services would have a
> third option instead of just "allmydata.com keeps my key safe for me"
> and "I keep my own key and take my chances". The reason I never did
> it yet is that I don't see how to integrate it smoothly enough into
> UI/customer experience/etc. How would a customer who wants to backup
> their files to allmydata.com deliver the various shares of their
> secret to various locations -- email them to friends? It sounds like
> too much confusion and too much work for the average backup customer,
> who after all is really trying to buy simplicity and peace-of-mind,
> not to invest a lot of time learning a new tool!

For off-line backup, the security property I want is that I can perform
backups, which do not overwrite any information, using a key that is
stored on-line, but need a separate key (that cannot be derived from the
first) to retrieve the data as it existed on a given date. Since I can
store the retrieval key off-line, being able to use secret sharing for it
is only a nice-to-have feature, not essential.

-- 
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
