On Sun, Jun 1, 2014 at 10:14 PM, Leif Ryge <l...@synthesize.us> wrote:
… many interesting things, including his sketch for a successor to, or extension of, Tahoe-LAFS (chisel) … > ******************************* > *** BACK TO THE NEAR FUTURE *** > ******************************* … > I look forward to seeing Tahoe integrated with Tails, but I am a little bit > concerned about a potential pitfall which I think should be communicated to > users somehow: there is no way to delete the ciphertext of immutable files … > This is rather different from a typical access control based system where one > can simply change their password and/or ask the server to delete everything > quickly. We could implement this: add a feature that allows you to ask a server to quickly delete a ciphertext. This would be analogous to having a way to contact the owner of your SFTP server and ask her to delete a ciphertext that you earlier uploaded into the write-only incoming/ directory on that SFTP server. There are two or three practical engineering reasons that we haven't implement this, but the one I want to emphasize here is that we haven't implemented it because it doesn't provide good assurance of safety! If you contact the owner of the SFTP server and ask her to remove the ciphertext that you previously uploaded, and she writes back "Okay, I removed it.", then how do you know she actually deleted it? So, it isn't so much that Tahoe-LAFS is *less safe* than other alternatives in this way, as that we think those other alternatives are equally unsafe, and indeed it would offer a false sense of safety to add this feature. (Actually, Tahoe-LAFS is probably *more* safe than most alternatives, because every file and directory has an independent encryption key, so if a key of yours leaks or gets compromised, the exposure might be limited, and objects that are protected by other keys may remain safe.) Regards, Zooko Wilcox-O'Hearn Founder, CEO, and Customer Support Rep https://LeastAuthority.com Freedom matters. _______________________________________________ tahoe-dev mailing list tahoe-dev@tahoe-lafs.org https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev