From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-type: text/plain Date: Wed, 4 Feb 2009 17:24:44 -0800 From: "Roman V. Shaposhnik" In-reply-to: <020320091730.1605.49887F250006CB500000064522230703629B0A02D2089B9A019C04040A0DBF9B9D0E9A9B9C040D@att.net> To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Message-id: <1233797084.4550.155.camel@goose.sun.com> References: <020320091730.1605.49887F250006CB500000064522230703629B0A02D2089B9A019C04040A0DBF9B9D0E9A9B9C040D@att.net> Subject: Re: [9fans] Sources Gone? Topicbox-Message-UUID: 958d6b80-ead4-11e9-9d60-3106f5b1d025 On Tue, 2009-02-03 at 17:30 +0000, Brian L. Stuart wrote: > > information can't leak in principle, but root scores are dangerous, which > > is why open-access venti servers are problematic - if such a score > > *does* happen to leak, then unconditional access to all your data has > > also leaked. > > If I understand correctly, this line of discussion > is primarily motivated by the idea of an open-access > venti server. Correct. But with this caveat: I only care about the blocks that are part of vac structures. Erik keeps reminding us that venti doesn't care about what's in the blocks. True. But now, I've drawn a line. There's only one type of blocks that I'm interested in -- blocks which are part of vac structures. > The venti itself doesn't need to be open- > access if there's a proxy server that is. Absolutely! > Maybe I'm misunderstanding the problem we're trying > to solve, but if the objective is to provide open > venti access but the necessary protection mechanisms > really belong elsewhere, it seems reasonable to > create the elsewhere and not incorporate them into > venti. Looks like we're in a complete agreement. And thanks for the summary! Thanks, Roman.