[messaging] Tahoe-Lafs + miniLock: A device agnostic & user friendly zero knowledge file system?

totient at riseup.net
Tue Nov 4 09:48:27 PST 2014


On 2014-11-04 17:16, Ximin Luo wrote:
>> Hi, I haven't yet read through the rest of it, but my first comment is
>> that "zero-knowledge file system" sounds like mystical marketing
>> terminology. I haven't heard of this term before, and only found it in
>> reference to Spider Oak: https://spideroak.com/zero-knowledge/

Sorry for the misuse of terminology.  You're right that only Spider Oak 
uses that term, although it wasn't my intention to promote them (the 
opposite).  Perhaps the term "least authority" would be better?  
Currently, anyone can use gpg or miniLock to encrypt files, either 
symmetrically or asymmetrically, and upload them to, say, Dropbox.  There 
isn't an open source, dead simple service that offers this, however.  
Tahoe-Lafs is great, but not dead simple for most users.  Additionally, 
if a user wants to access their files on multiple devices, they need to 
set up a gateway client that is always connected to the internet.

So, what I wrote is a very, very rough sketch of what a "least 
authority" file system could look like, that builds on the contributions 
of Tahoe-Lafs and miniLock, to create something that a novice user can 
access from any device with the installed browser extension, with only 
their email and password used for authentication and key derivation.

-totient

On 2014-11-04 17:16, Ximin Luo wrote:
> On 04/11/14 16:53, totient at riseup.net wrote:
>> Currently, there is no zero knowledge file system that is user 
>> friendly and fully open source.
>> 
> 
> Hi, I haven't yet read through the rest of it, but my first comment is
> that "zero-knowledge file system" sounds like mystical marketing
> terminology. I haven't heard of this term before, and only found it in
> reference to Spider Oak: https://spideroak.com/zero-knowledge/
> 
> This property is already satisfied by lots of other storage systems,
> including Tahoe that you mentioned, and might be more clearly
> described as "end-to-end encrypted storage". Calling it
> "zero-knowledge" makes it sound like something new and special, which
> it isn't, and is arguably a disservice to those other projects. (It
> tries to gain market share via unfair means.)
> 
> The term sounds like it is inappropriately trying to associate with
> the impressive-sounding nature of a "zero-knowledge proof/protocol",
> which (AIUI) is the original use of the term "zero-knowledge".
> However, end-to-end encrypted storage systems currently don't meet
> this property - they do authentication via signatures which are not
> "zero-knowledge" since it allows the verifier to prove to others that
> the prover/signer wrote the data. I am guessing Spider Oak is no
> different; they don't even mention these concepts in their definition
> of "zero-knowledge".
> 
> X
