
Re: Key revocation



Gleb Arshinov wrote:
> Side note -- I think enterprise is a killer market for tarsnap.  For
> multiple reasons -- cost efficiencies of deduplication, speed (in big
> part because of deduplication), standard tar interface, ease of use and
> automation (engineers are expensive), reliability, encryption model
> possibly allowing regulated industries to use the cloud (which they
> can't right now), encryption model handy for multiuser trust models,
> etc.

I don't want to limit Tarsnap to the enterprise market -- I got started
with Tarsnap because I wanted good backups for my personal use -- but I've
always figured that the more flexible I can make Tarsnap (especially by
having a tar interface so that it's compatible with existing shell scripts)
the more useful it would be in both the personal and enterprise arenas.
Judging by other backup services, I was starting to think that I was alone
in thinking this way -- good to know that I'm not. :-)

> Anyway, I think key revocation would be very handy for our use.  Two
> use cases.  One -- operations person leaves or gets fired.  At this
> point I want to do something equivalent to changing his password,
> which for tarsnap I'd imagine being implemented as key revocation.
> Much like password change key revocation would be fast, cheap and not
> a perfect solution, but it's better than the option of rearchiving
> everything with a different master key.  Two -- laptop with a copy of the
> master key is lost.  Chances of whoever finds it breaking local
> security and accessing tarsnap in under an hour -- small.  Ability for
> us to clone the master key and revoke the original -- priceless.

Good points.  I've added this to my Tarsnap to-do list.  You won't be able
to change the encryption keys, of course, but changing the access keys
will be better than nothing and possibly enough for most people.

I think I can see how to hack this up in a few days, but only by painting
myself into a nasty corner; so I'd prefer to solve this "properly" after I
have some more server-side infrastructure in place... most likely some time
late summer.

-- 
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
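The distinction in the reply above, that access keys can be revoked while the encryption keys cannot change without re-archiving everything, is easiest to see in a toy model. The following is an added example written for this thread, not Tarsnap's key file format, protocol or server code: the per-operator access key table, the HMAC-based request authentication and the HMAC-SHA256 counter-mode stream cipher are all assumptions chosen so that it runs on the Python standard library. It stores one encrypted archive under an operator's access key, revokes that key (the "operator leaves" or "laptop lost" case), issues a replacement, and checks that the old key is refused while the archive is still readable with the unchanged encryption key.

```python
"""Toy model: per-operator access keys that can be revoked, separate from a
long-lived archive encryption key that never leaves the client.

Added illustration for the thread above; NOT Tarsnap's real key format,
protocol or server. All names and constructions here are assumptions.
"""
import hashlib
import hmac
import secrets


def hmac_ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream from HMAC-SHA256 run in counter mode (PRF used as a stream
    cipher). Toy construction for this example only."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_archive(enc_key: bytes, plaintext: bytes) -> bytes:
    """Fresh random nonce per archive, XOR with the keystream (unauthenticated
    in this toy; a real design would add a MAC)."""
    nonce = secrets.token_bytes(16)
    ks = hmac_ctr_keystream(enc_key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt_archive(enc_key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    ks = hmac_ctr_keystream(enc_key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


def sign_request(secret: bytes, name: str, blob: bytes = b"") -> bytes:
    """Client side: authenticate a request with the operator's access secret."""
    return hmac.new(secret, name.encode() + blob, hashlib.sha256).digest()


class Server:
    """Stores opaque encrypted blobs; only ever sees access keys, never the
    encryption key. Access keys are revocable one at a time."""

    def __init__(self) -> None:
        self.access_keys: dict[str, bytes] = {}  # key_id -> secret (assumed shared secret)
        self.revoked: set[str] = set()
        self.archives: dict[str, bytes] = {}

    def issue_access_key(self) -> tuple[str, bytes]:
        key_id, secret = secrets.token_hex(4), secrets.token_bytes(32)
        self.access_keys[key_id] = secret
        return key_id, secret

    def revoke(self, key_id: str) -> None:
        self.revoked.add(key_id)

    def _check(self, key_id: str, name: str, blob: bytes, tag: bytes) -> bool:
        if key_id in self.revoked or key_id not in self.access_keys:
            return False
        expected = hmac.new(self.access_keys[key_id], name.encode() + blob,
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

    def put(self, key_id: str, tag: bytes, name: str, blob: bytes) -> bool:
        if not self._check(key_id, name, blob, tag):
            return False
        self.archives[name] = blob
        return True

    def get(self, key_id: str, tag: bytes, name: str):
        if not self._check(key_id, name, b"", tag):
            return None
        return self.archives.get(name)


def rotate_access_key_scenario() -> dict:
    """Revoke an operator's access key without touching the encryption key."""
    server = Server()
    enc_key = secrets.token_bytes(32)  # master encryption key, client-only
    old_id, old_secret = server.issue_access_key()

    archive = b"constructed sample archive contents"
    blob = encrypt_archive(enc_key, archive)
    stored = server.put(old_id, sign_request(old_secret, "payroll", blob),
                        "payroll", blob)

    # Operator leaves / laptop lost: revoke the old access key, issue a new one.
    server.revoke(old_id)
    new_id, new_secret = server.issue_access_key()

    old_rejected = server.get(old_id, sign_request(old_secret, "payroll"),
                              "payroll") is None
    fetched = server.get(new_id, sign_request(new_secret, "payroll"), "payroll")
    still_readable = (fetched is not None and
                      decrypt_archive(enc_key, fetched) == archive)
    return {"stored": stored, "old_rejected": old_rejected,
            "still_readable": still_readable}


if __name__ == "__main__":
    print(rotate_access_key_scenario())
```

Two caveats the model makes visible. First, revocation only stops further access through the service: if the lost laptop held the encryption key as well, whoever has it can still decrypt any archive they already downloaded, which is why the reply calls this "better than nothing" rather than a fix. Second, for simplicity the server here keeps a copy of each access secret; a design where the server holds only a public key and the client signs requests would avoid that server-side secret entirely.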