Troy: While I appreciate the sentiment, I'm not sure that a Denial-of- Service attack on academia is the right approach. ;-)
Instead, I wrote a short personal email to lead author of HAIL, Kevin Bowers, who as it turns out is a researcher at RSA which has been bought by EMC. Another Next Step is the presentation on Tahoe-LAFS that Brian and I are giving at RSA Conference 2010 in March. RSA Conference, or at least the part of it that we are presenting in, is an industrial rather than academic conference, but still I'm sure presenting there will make Tahoe-LAFS more widely known within the security community. However, I've been thinking that maybe the security community is the wrong market. Most users, I've come to believe, will instinctively reach for the *other* tool if one of the tools is labelled as "secure". This may sound strange, but I think it is true and that there is a good reason for it. Users know that a tool which comes with a "security" sticker on it means more hoops they have to jump through before they can get their work done: pop-up dialogs asking "Are you sure?", key-management hassle, access-denied errors, etc.. They also know that most of the time bad guys aren't going to be attacking them and most of the time this tool isn't going to be the weakest link in the chain anyway. In short, users are rational and correct when they pass over the products with "security" in favor of the products with "get your job done today". Now we have always tried with Tahoe-LAFS to make something which provides security *without* introducing lots of hassle. I think we've at least partially succeeded (although I'm still alert for more evidence from the field to indicate what's working and what isn't). So maybe we should find some way to appeal to those people who just want a reliable and easy-to-use cloud storage tool and don't want an extra helping of "security". Regards, Zooko _______________________________________________ tahoe-dev mailing list [email protected] http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
