Hmm, I can think of a lot of situations where I might want to have access to my
stuff without being dependent on some technical aid that I have to have on me
all the time. Actually, that's one of the best things about storing things in a
cloud. For me it's not too hard to imagine situations where that could be
useful: you are on a trip and all of your stuff is stolen, but you got copies
of your travel documents in some cloud storage. You just download them and
prove you have a visa / permission or whatever. Sure, I could have stored them
on my Google Drive or my Dropbox, but for its advantages over corporate
services like that, I decided to use Tahoe, where I have set up a storage grid
with my friends. Since I have no means to recover the URIs of my Tahoe
storage, I cannot access my files.


I understand the rigid approach you guys have towards security issues, and it's
a personal decision to bypass them (I could just point my webserver using a
memorable URL to display the aliases). I just wonder if there is no middle
ground to that. Something like TAN, which allows a possible security breach
once to recover the URIs ... I don't know anything about the academic theories
behind these kinds of mechanisms, but I would think you guys do.

I got the feeling that there is a great potential in Tahoe, for different kinds
of security demands. Personally I would still prefer using Tahoe - for the
storage backend capabilities - if it had just the same security on the WUI
part as something like GDrive or Dropbox: I log in with a username and a
password and I can access my stuff. I can imagine that this sounds horrible
to you guys in terms of security, but I am already happy to know that my stuff
is stored redundantly and encrypted so the people providing each other the
storage space cannot access the data.

Maybe it's just the wrong kind of software I am trying to use for what I want
to achieve, or I should just bypass some of Tahoe's security features by letting
me display my aliases ... Still, for me and I guess a lot of other people,
there is definitely demand for something maybe not as secure as intended by
Tahoe but still a lot better than using Dropbox or Google Drive. It's OK to
educate people about what "real" security means, but somehow I don't understand
the "use-it-in-the-super-secure-way-or-dont-use-it-at-all" kind of attitude...


________________________________
 From: Greg Troxel <g...@ir.bbn.com>
To: till <til...@yahoo.com> 
Cc: Tahoe-LAFS development <tahoe-dev@tahoe-lafs.org> 
Sent: Tuesday, June 18, 2013 1:39 PM
Subject: Re: [tahoe-dev] Tahoe WUI enhancement suggestion
 


till <til...@yahoo.com> writes:

> To explain this a little better: I am wondering if access to my files
> on Tahoe is tied to the necessity of carrying around some sort of
> technical device with me to store the URIs, which are not possible to
> memorize.

So the real question here is what security properties are you trying to
get, and why?

One use case:

You have a computer that can access your files with credentials stored
on it, in a .tahoe/private/aliases file.  You have access to a grid,
some of which might be your computers, but you don't (necessarily) trust
those computers for confidentiality.  Here, you can access your files
from the first computer.

Another use case:

You don't want to trust most of your computers with storing keys
(aliased URIs).  But you carry around a small encrypted fs somehow and
use a few different computers (all of which you trust) to access your
files.

> So if I am on the road, I have no smartphone, no thumb drive, but
> internet access through browser only (no shell and no SSH:
> i.e. internet cafe), there is no secure means by which I could access my
> stuff, except for printing out the URIs on a slip of paper that I
> carry around and typing them in - (assuming that I have access to the
> WUI from the internet)?

So here I am boggled: this use case makes no sense at all.  The notions
of "securely accessing" and "internet cafe" are incompatible.  Part of
the point of tahoe is to be able to use nodes for storage when you do
not trust them for confidentiality.   So then you are talking about
using a computer that cannot be reasonably trusted to maintain
confidentiality?   If you're willing to use that, why do you need
confidentiality for your bits at all?
_______________________________________________
tahoe-dev mailing list
tahoe-dev@tahoe-lafs.org
https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
