As Zooko pointed out, our main requirements are: * short signing key, so writecaps are short * short verifying key, so readcaps are short (note that confidentiality requires a second cryptovalue in the readcap, which adds pressure on the verifying key length) * fast keypair generation, so mkdir is fast
Other would-be-nice-to-have features: * intermediate keys, which would give us readcaps with just one cryptovalue * short signatures, which would make other (non-mutable-file) uses of this algorithm less cumbersome, specifically URLs which contain "my-right-to-consume-storage" Accounting certificate chains * fast signature generation/checking, to make mutfile/dirnode operations faster in general And of course, the number one feature: * a working, stable implementation in pycryptopp According to http://allmydata.org/trac/tahoe/ticket/331 , we've been waiting 18 months for this one, so at this point I'm willing to go with a generally-considered-secure-but-lacking-strong-proof algorithm over a has-strong-proof-but-no-implementations one :-). cheers, -Brian _______________________________________________ tahoe-dev mailing list [email protected] http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
