"Zooko O'Whielacronx" <zoo...@gmail.com> writes:

> It is helpful to phrase the question in such precise terms. Now that I
> understand it, my answer is that you basically can't protect
> information that you send to a remote host, from the owner of that
> host. I like to mentally model it as talking to a remote guy and
> telling him facts, words, numbers, and asking him to remember them and
> tell them back to you later. You can't effectively enforce any
> controls on what else that guy does with those facts, words, numbers.
> You can't prevent him from thinking about them, and you can't prevent
> him from telling them to other people.
True, but there is a place for a system that has technical controls and also legal controls (e.g., hosting providers that agree to nondisclosure). Relying on that alone would be foolish, but the provider keeping the ciphertext confidential helps.[1]

> Now, what we do in Tahoe-LAFS is, we never tell the guy the actual
> words (cleartext) that make up our files! Encrypt everything, tell him
> the ciphertext, and then don't worry about what he does with the
> ciphertext.

Mostly true, but the remote person does know the approximate size of files, and by watching access patterns can probably reconstruct a hierarchy of the fs, albeit with opaque names and opaque contents. I think that's ok though, because protecting against that is very very expensive.[2] Note that [1] helps with [2].
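As an added illustration, not code from this thread or from Tahoe-LAFS: a toy model of the "remote guy" who is only ever handed ciphertext, showing what he still observes (exact blob sizes and per-object read counts) and how size-bucket padding coarsens the size leak while doing nothing about access patterns. The XOR stream cipher, the server class, the file names, the opaque identifiers and the master key are all constructed for this example.

```python
import hashlib
from collections import Counter

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Toy length-preserving XOR stream cipher (SHA-256 counter keystream); illustrative only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(p ^ k for p, k in zip(data[off:off + 32], ks))
    return bytes(out)

def pad_to_bucket(data: bytes, bucket: int) -> bytes:
    """Length-prefix and zero-pad so the server sees only a coarse size class."""
    body = len(data).to_bytes(4, "big") + data
    return body + b"\0" * (-len(body) % bucket)

def unpad(body: bytes) -> bytes:
    return body[4:4 + int.from_bytes(body[:4], "big")]

class CuriousServer:
    """Honest-but-curious provider: stores opaque blobs, records every read."""
    def __init__(self):
        self.blobs, self.reads = {}, []
    def put(self, cap: str, blob: bytes) -> None:
        self.blobs[cap] = blob
    def get(self, cap: str) -> bytes:
        self.reads.append(cap)
        return self.blobs[cap]
    def observed(self) -> tuple:
        """Everything derivable without a key: exact blob sizes and read counts per cap."""
        return {cap: len(b) for cap, b in self.blobs.items()}, Counter(self.reads)

def run(bucket: int = 0) -> dict:
    """Upload two constructed files, read one repeatedly, compare client and server views."""
    master = b"\x42" * 32  # constructed demo key, not a real secret
    files = {"notes.txt": b"meeting at noon", "report.pdf": b"R" * 10_000}
    srv, caps, keys = CuriousServer(), {}, {}
    for name, content in files.items():
        caps[name] = hashlib.sha256(name.encode()).hexdigest()[:16]  # opaque identifier
        keys[name] = hashlib.sha256(master + name.encode()).digest()  # per-file key
        body = pad_to_bucket(content, bucket) if bucket else content
        srv.put(caps[name], toy_encrypt(keys[name], body))
    for _ in range(3):
        srv.get(caps["notes.txt"])
    srv.get(caps["report.pdf"])
    plain = toy_encrypt(keys["notes.txt"], srv.get(caps["notes.txt"]))  # XOR: decrypt == encrypt
    sizes, reads = srv.observed()
    return {"recovered": unpad(plain) if bucket else plain, "sizes": sizes, "reads": reads, "caps": caps}
```

Without padding the server learns the exact 15-byte and 10000-byte sizes; with `bucket=4096` it sees 4096 and 12288, but in both cases it still sees which opaque object was read four times and which once.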
tahoe-dev mailing list
tahoe-dev@tahoe-lafs.org
https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev