I have reviewed this document as part of the security directorate's

ongoing effort to review all IETF documents being processed by the


IESG. Document editors and WG chairs should treat these comments just

like any other last call comments.

SECURITY




This is a survey of existing systems and as such does not require a security considerations as there is nothing to build.




However, the draft does analyze the security of the existing schemes and as such seems to be looking at this from the point of view of how the systems implement existing security schemes appropriate for file stores. I don't think this is sufficient or particularly useful.







I can see outsourced storage being used in various ways:




1) As a filestore replacement




2) As an emergency backup.




3) As a latency reducer




Lets leave 3 to one side for a moment.




Support for ACLs and such is only really relevant for 1. Local storage is cheap though and my main interest is actually 2 more than 1. A system with no security is fine with me as I can layer whatever security I need on with cryptography.







The security problem as I see it then is to do with how the customer and outsourcer interact and issues of the form




Customer: Those aren't my bits you gave me!




Outsourcer: Oh yes they are!

Lawyer1: Prove it!




Lawyer 2: Prove it!




See where this is headed?







Case 3 has an even more tenuous connection between the provider, consumer and storage provider. Do we even have a commitment to support storage of anyone's bits? What are the liabilities if corruption ensues?




-- 

Website: 

http://hallambaker.com/