[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Key revocation

To: Gleb Arshinov <gleb.lists@pluron.com>
Subject: Re: Key revocation
From: Colin Percival <cperciva@tarsnap.com>
Date: Thu, 29 Apr 2010 18:06:33 -0700
Cc: tarsnap-users@tarsnap.com
In-reply-to: <w2j21e991821004291707o850297eaw227eb92e8f40c51@mail.gmail.com>
Mailing-list: contact tarsnap-users-help@tarsnap.com; run by ezmlm
References: <w2j21e991821004291707o850297eaw227eb92e8f40c51@mail.gmail.com>

Gleb Arshinov wrote:
> Side note -- I think enterprise is a killer market for tarsnap.  For
> multiple reasons -- cost efficiencies of deduplication, speed (in big
> part because of dedupication), standard tar interface, ease of use and
> automation (engineers are expensive), reliability, encryption model
> possibly allowing regulated industries to use the cloud (which they
> can't right now), encryption model handy for multiuser trust models,
> etc.

I don't want to limit Tarsnap to the enterprise market -- I got started
with Tarsnap because I wanted good backups for my personal use -- but I've
always figured that the more flexible I can make Tarsnap (especially by
having a tar interface so that it's compatible with existing shell scripts)
the more useful it would be in both the personal and enterprise arenas.
Judging by other backup services, I was starting to think that I was alone
in thinking this way -- good to know that I'm not. :-)

> Anyway, I think key revocation would be very handy for our use.  Two
> use cases.  One -- operations person leaves or gets fired.  At this
> point I want to do something equivalent to changing his password,
> which for tarsnap I'd imagine being implemented as key revocation.
> Much like password change key revocation would be fast, cheap and not
> a perfect solution, but it's better than the option of rearchiving
> everything with a different master key.  Two -- laptop with a copy
> master key is lost.  Chances of whoever finds it breaking local
> security and accessing tarsnap in under an hour --small.  Ability for
> us to clone the master key and revoke the original -- priceless.

Good points.  I've added this to my Tarsnap to-do list.  You won't be able
to change the encryption keys, of course, but changing the access keys
will be better than nothing and possibly enough for most people.

I think I can see how to hack this up in a few days, but only by painting
myself into a nasty corner; so I'd prefer to solve this "properly" after I
have some more server-side infrastructure in place... most likely some time
late summer.

-- 
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid

Follow-Ups:
- Re: Key revocation
  - From: Colin Percival <cperciva@tarsnap.com>

References:
- Key revocation
  - From: Gleb Arshinov <gleb.lists@pluron.com>

Prev by Date: Re: fsck w/out delete privilege
Next by Date: Re: Key revocation
Previous by thread: Key revocation
Next by thread: Re: Key revocation
Index(es):
- Date
- Thread