[darcs-users] decentralized darcs repository

Trent W. Buck trentbuck at gmail.com
Fri Jan 16 00:06:50 UTC 2009


"Zooko O'Whielacronx" <zookog at gmail.com> writes:

> cool thing #3: That URL contains a symmetric encryption secret, and all
> files stored in that directory are encrypted with it.  If you give the URL
> to someone, they can read the contents of the files, but if they aren't
> given the URL, they can't.  The operators of the storage servers which are
> storing the files can't (unless someone gives them the URL).  This isn't
> especially useful for the darcs darcs repository, but you could imagine if
> you had a private repository that you didn't want the world to see, you
> could use this property.

I can immediately see how the other properties are useful, but I have a
hard time believing that you will keep a URL secret.  Have you
investigated ways URLs are disclosed to third parties, both deliberately
"Hey Fred, look at this cool repo!" and accidentally "Hey, someone
visited my site directly from <secret URL>, so now it's in my
httpd.log!"

What benefits does this give over "traditional" security methods such as
restricting by originating IP, by username and password (over e.g. SSL),
or Kerberos?

(Maybe you already have a paper or wiki article on this, in which case a
link would be sufficient to satisfy my curiosity.)

> There's one not-so-cool thing about it: it is slow!  I assume that the
> slow speed of "darcs get --lazy URL" is due to the combination of
> darcs making many separate requests and Tahoe taking a fraction of a
> second longer to answer each one than Apache would.

Have you tested this theory by using a different client (e.g. curl),
tweaking that client's properties, and watching the packets go by
(e.g. wireshark)?

> That's only an assumption on my part, though -- actual timings or
> other diagnostics would be appreciated.

I guess not :-)
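
The accidental disclosure path raised in this message (a secret URL landing in another site's httpd.log via the Referer header, or in the gateway's own request log) can be audited for. The following is an added example, not part of the original post or of darcs or Tahoe: it scans combined-format access log lines for secret-bearing URLs and reports them redacted. The `/uri/URI:<type>:<secret>` path shape, the host names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" format: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Assumed shape of a secret-bearing URL path: /uri/URI:<type>:<secret material>
CAP = re.compile(r'/uri/(URI:[A-Z0-9-]+:)[^/?#\s"]+', re.IGNORECASE)

def redact(text):
    """Keep the capability type, drop the secret material."""
    return CAP.sub(lambda m: "/uri/" + m.group(1) + "[REDACTED]", text)

def find_leaks(lines):
    """Return (line_number, field, redacted_value) for each logged secret URL."""
    leaks = []
    for n, line in enumerate(lines, 1):
        m = COMBINED.match(line.rstrip("\n"))
        if not m:
            continue  # not combined format; skipped rather than guessed at
        for field in ("request", "referer"):
            value = unquote(m.group(field))  # catches URI%3ADIR2%3A... too
            if CAP.search(value):
                leaks.append((n, field, redact(value)))
    return leaks

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '203.0.113.7 - - [16/Jan/2009:00:10:01 +0000] "GET /blog/ HTTP/1.1" 200 5120 '
    '"http://gateway.example/uri/URI%3ADIR2%3Aabcdefghij234567%3Aklmnopqrstuv2345/README" "Mozilla/5.0"',
    '203.0.113.9 - - [16/Jan/2009:00:10:05 +0000] "GET /blog/ HTTP/1.1" 200 5120 '
    '"http://search.example/?q=darcs" "Mozilla/5.0"',
    '198.51.100.4 - - [16/Jan/2009:00:11:12 +0000] '
    '"GET /uri/URI:DIR2-RO:zyxwvu765432:aabbccddeeff2233/_darcs/inventory HTTP/1.1" 200 812 "-" "darcs"',
]

if __name__ == "__main__":
    for n, field, value in find_leaks(SAMPLE):
        print(f"line {n}: secret URL in {field}: {value}")
```

A hit in the `referer` field means the secret has already reached a third party's logs; a hit in `request` means the gateway's own log holds it and should be access-controlled or scrubbed.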
