On 2014-11-04 17:16, Ximin Luo wrote:
Hi, I haven't yet read through the rest of it, but my first comment is
that "zero-knowledge file system" sounds like mystical marketing
terminology. I haven't heard of this term before, and only found it in
reference to Spider Oak: https://spideroak.com/zero-knowledge/

Sorry for the misuse of terminology. You're right that only Spider Oak uses that term, although it wasn't my intention to promote them (the opposite). Perhaps the term "least authority" would be better? Currently, anyone can use gpg or miniLock to encrypt files, either symmetrically or asymmetrically, and upload them to, say, Dropbox. There isn't an open source, dead simple service that offers this, however. Tahoe-LAFS is great, but not dead simple for most users. Additionally, if a user wants to access their files on multiple devices, they need to set up a gateway client that is always connected to the internet.

So, what I wrote is a very, very rough sketch of what a "least authority" file system could look like, that builds on the contributions of Tahoe-LAFS and miniLock, to create something that a novice user can access from any device with the installed browser extension, with only their email and password used for authentication and key derivation.

-totient

On 2014-11-04 17:16, Ximin Luo wrote:
On 04/11/14 16:53, [email protected] wrote:
Currently, there is no zero knowledge file system that is user friendly and fully open source.


Hi, I haven't yet read through the rest of it, but my first comment is
that "zero-knowledge file system" sounds like mystical marketing
terminology. I haven't heard of this term before, and only found it in
reference to Spider Oak: https://spideroak.com/zero-knowledge/

This property is already satisfied by lots of other storage systems,
including Tahoe that you mentioned, and might be more clearly
described as "end-to-end encrypted storage". Calling it
"zero-knowledge" makes it sound like something new and special, which
it isn't, and is arguably a disservice to those other projects. (It
tries to gain market share via unfair means.)

The term sounds like it is inappropriately trying to associate with
the impressive-sounding nature of a "zero-knowledge proof/protocol",
which (AIUI) is the original use of the term "zero-knowledge".
However, end-to-end encrypted storage systems currently don't meet
this property - they do authentication via signatures which are not
"zero-knowledge" since it allows the verifier to prove to others that
the prover/signer wrote the data. I am guessing Spider Oak is no
different; they don't even mention these concepts in their definition
of "zero-knowledge".

X

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging