ExternalVendorCode/tahoe-lafs
1
0
Fork 0
mirror of https://github.com/tahoe-lafs/tahoe-lafs.git synced 2025-05-31 23:00:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

docs: a few edits/updates about dirnodes

Browse Source
This commit is contained in:
Zooko O'Whielacronx 2009-04-13 09:08:37 -07:00
parent 9ccdb05e00
commit a2f34b4e1a
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/specifications/dirnodes.txt
View File

@ -238,7 +238,7 @@ How well does this design meet the goals?
=== Confidentiality leaks in the vdrive server === === Confidentiality leaks in the storage servers ===
Dirnode (and the mutable files upon which they are based) are very private Dirnode (and the mutable files upon which they are based) are very private
against other clients: traffic between the client and the storage servers is against other clients: traffic between the client and the storage servers is
@ -259,7 +259,7 @@ attacker may be able to build up a graph with the same shape as the plaintext
filesystem, but with unlabeled edges and unknown file contents. filesystem, but with unlabeled edges and unknown file contents.
=== Integrity failures in the vdrive server === === Integrity failures in the storage servers ===
The mutable file's integrity mechanism (RSA signature on the hash of the file The mutable file's integrity mechanism (RSA signature on the hash of the file
contents) prevents the storage server from modifying the dirnode's contents contents) prevents the storage server from modifying the dirnode's contents
@ -268,8 +268,8 @@ unavailable, but not corrupt it.
A sufficient number of colluding storage servers can perform a rollback A sufficient number of colluding storage servers can perform a rollback
attack: replace all shares of the whole mutable file with an earlier version. attack: replace all shares of the whole mutable file with an earlier version.
TODO: To prevent this, when retrieving the contents of a mutable file, the To prevent this, when retrieving the contents of a mutable file, the
client should query more servers than necessary and use the highest available client queries more servers than necessary and uses the highest available
version number. This insures that one or two misbehaving storage servers version number. This insures that one or two misbehaving storage servers
cannot cause this rollback on their own. cannot cause this rollback on their own.