#990: Web gateway should keep its caches encrypted
---------------------+------------------------------------------------------
Reporter: jsgf | Owner: nobody
Type: defect | Status: new
Priority: major | Milestone: undecided
Component: unknown | Version: 1.6.0
Keywords: | Launchpad_bug:
---------------------+------------------------------------------------------
The web gateway will (on occasion) locally cache files in unencrypted
form, such as handling ranged GET requests.
Now in normal use that's perfectly OK because web gateways are trusted
with our unencrypted data and so having the data present in that form
should be OK.
But my mental model of a gateway machine is that it's just a stateless
waypoint which doesn't store anything local. If I have a setup where
there's a gateway machine within my network serving several machines, I
would expect it to not have any persistent memory of my data, and so when
it comes time to replace the HD I don't need to worry about scrubbing the
disk, at least for Tahoe's sake. (Let's assume swap has been dealt with.)
Therefore, I think the gateway should keep the cache files encrypted and
only decrypt them on the fly as they're being sent to its clients. I'm
not sure what the key should be, but it should be per-file and transient
(derived from the cap/root hash/something else?) rather than some local
state (which would defeat the purpose of encrypting in the first place).
Could possibly be handled as part of the downloader rewrite of #798?
--
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/990>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid
_______________________________________________
tahoe-dev mailing list
[email protected]
http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
