On 04/06/16 22:16, Gavin Wahl wrote: > I'm curious how delete and nuke permissions can be granted independently. Is > there a separate HMAC key that just allows nukes > (http://www.tarsnap.com/crypto.html states that there are only three HMAC > keys, though). > > Also, how is this feature expected to be useful? Is there some interesting > security property you get by having a key with delete but not nuke, or vice > versa?
Being able to delete a single archive requires being able to read archives; otherwise you can't figure out which bits need to be deleted. But nuking everything doesn't need that. -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
