Add proposal on how to generate upload secret.

2025-04-24 04:55:53 +00:00 · 2021-10-22 10:32:44 -04:00 · 2021-10-22 10:32:44 -04:00 · e0c8bab5d7
commit e0c8bab5d7
parent 61a20e2450
1 changed files with 14 additions and 1 deletions
--- a/docs/proposed/http-storage-node-protocol.rst
+++ b/docs/proposed/http-storage-node-protocol.rst
@ -459,7 +459,13 @@ For example::

  {"already-have": [1, ...], "allocated": [7, ...]}

-The session secret is an opaque _byte_ string.
+The uplaod secret is an opaque _byte_ string.
+It will be generated by hashing a combination of:b
+
+1. A tag.
+2. The storage index, so it's unique across different source files.
+3. The server ID, so it's unique across different servers.
+4. The convergence secret, so that servers can't guess the upload secret for other servers.

 Discussion
 ``````````
@ -492,6 +498,13 @@ In the short term, they can just be a random byte string.
 The key security constraint is that each upload to each server has its own, unique upload key,
 tied to uploading that particular storage index to this particular server.

+Rejected designs for upload secrets:
+
+* Upload secret per share number.
+  In order to make the secret unguessable by attackers, which includes other servers,
+  it must contain randomness.
+  Randomness means there is no need to have a secret per share, since adding share-specific content to randomness doesn't actually make the secret any better.
+
 ``PATCH /v1/immutable/:storage_index/:share_number``
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!