Inverse Passive Requests
Hypothetical, and possibly insecure, mechanism for improved persistence of data. Similar to PassiveRequests, but upside-down: instead of remembering who wants the data, we'd remember who has it.
A node whose clients want to upload semi-permanent data would do an insert with a special flag. If the flag is set, the nodes would remember who sent the data: when the data is purged from the store by the LRU, the memory of who sent the data remains. If the node gets a request for the data, it can retrieve it from the old path. The insert is critical here: there must be a bandwidth cost, and proof that the data existed in the first place, otherwise this sort of mechanism is way too easy to overflow.
Obviously this sort of data would have to persist (and therefore be cancellable), and it represents a security risk for the inserter in that there is a persistent trail leading back to him, if his adversary compromises each node on the chain and retrieves the intact data. There may be other security issues (e.g. timing attacks to identify the originator given IPRs on many nodes); this has not been studied in detail.
There are similar rerouting/etc. issues with IPRs as with PassiveRequests: for the latter, ULPRs avoid the issue by being deliberately unreliable and requiring the owner to periodically rerequest (this has the additional benefit of avoiding any load management issues); the difference is that for IPRs to be useful, they have to persist over a timescale longer than the expiration of the data from the datastore, but that may still be a useful approach. Otherwise we need to deal with these problems directly through cancellation, explicit rerouting, and rationing, as with PassiveRequests.
The advantage is that while even IPRs do not provide permanent content storage (because the queue can overflow, and because of renewal issues), they should provide a very high level of confidence that data is available. And they save space. For example, for a backup/snapshot system, the data on the filesystem can be inserted via IPRs, and pulled from the filesystem when it is requested (assuming that the daemon tracks all data via inotify and sends a cancellation on any change being made). Thus, while we cannot provide secure backup for personal files, any file which is still on a computer backed up by the snapshot system should be retrievable.
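A small simulation of the mechanism described above, added here as an illustration and not Freenet code: it shows a flagged insert leaving back-pointers that outlive the LRU purge, a request walking the old path back to the source, table overflow, and cancellation. The class names, the fixed `next_hop` route and the table sizes are assumptions made for the example.

```python
from collections import OrderedDict

class Node:
    """Toy node: small LRU datastore plus a bounded table of IPR back-pointers."""
    def __init__(self, next_hop=None, store_size=2, ipr_size=4):
        self.store = OrderedDict()   # key -> data, purged LRU
        self.iprs = OrderedDict()    # key -> node the flagged insert came from
        self.next_hop, self.store_size, self.ipr_size = next_hop, store_size, ipr_size

    def _cache(self, key, data):
        self.store[key] = data
        self.store.move_to_end(key)
        while len(self.store) > self.store_size:
            self.store.popitem(last=False)       # LRU purge; any IPR entry stays

    def insert(self, key, data, sender=None, ipr=False):
        self._cache(key, data)                   # an IPR only ever arrives with the data
        if ipr and sender is not None:
            self.iprs[key] = sender
            if len(self.iprs) > self.ipr_size:
                self.iprs.popitem(last=False)    # table overflow: oldest IPR is lost
        if self.next_hop:
            self.next_hop.insert(key, data, sender=self, ipr=ipr)

    def request(self, key):
        if key in self.store:
            self.store.move_to_end(key)
            return self.store[key]
        data = self.iprs[key].request(key) if key in self.iprs else None  # old path
        if data is not None:
            self._cache(key, data)
        return data

    def cancel(self, key):
        self.iprs.pop(key, None)
        if self.next_hop:
            self.next_hop.cancel(key)

class Origin:  # the inserter: serves from its own files, like the snapshot daemon
    def __init__(self, next_hop):
        self.files, self.next_hop = {}, next_hop
    def publish(self, key, data):
        self.files[key] = data
        self.next_hop.insert(key, data, sender=self, ipr=True)
    def request(self, key):
        return self.files.get(key)
    def withdraw(self, key):                     # file changed or deleted
        self.files.pop(key, None)
        self.next_hop.cancel(key)
```

Each node's `iprs` table is the persistent trail back to the inserter that the text flags as a risk: with a chain origin, B, C, the entry on C points at B and the entry on B points at the origin.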
There have been discussions (or at least messages) on this on the mailing list; search the archives.