
acmeattic-devel team mailing list archive

Re: Web Interface for Acme Attic(AA)

 

On Tuesday 06 July 2010 07:23 AM, Karthik Swaminathan Nagaraj wrote:
I think that these assumptions and policies are okay for the design. If we are able to think of a better model, we could incorporate it in the future. I was thinking that if the web server itself is crafted as a separate application from the server, it could be run by the user at a more trusted local location. E.g., I can run my own web server on my machine for accessing my files. I still do not need to provide space but I still maintain all my security guarantees if only "my" server handles my key. If it's small and portable, maybe we could even ship it with a small web server - like the Python web server!
The web application is there to anyway provide simple access to the files.

And the storage server would also be running a copy of the webserver for those who want to use that functionality after understanding the risks.


It seems that there is a misunderstanding here. There are two components to the server software.

1) One is the part that interacts with AA clients and updates data on the server. This part is not to be trusted with keys at any point.
2) A user interface for "users" (not client s/w), that is a simple interface that can be used by users to manipulate/manage their attic. Here users are required to trust the server after understanding the risks.

Conceivably, (1) can be decoupled from a web server. No point in decoupling (2), for the use case you gave, because everything is on one machine. However, I think the feature of allowing the same machine to run the server s/w and the client s/w, w/o a webserver, does not seem to have a good use case. After all, it is a backup tool. Running with a webserver on the same machine could conceivably be used to test the software before a production deployment.

So, I think we can consider decoupling server work from the webserver as a wishlist feature, at most.

--
Aditya.


