From: Zooko O'Whielacronx Date: Fri, 19 Aug 2011 06:00:41 +0000 (-0700) Subject: docs: formatting: M-x whitespace-cleanup X-Git-Tag: pre-393~4 X-Git-Url: https://git.rkrishnan.org/specifications/%5B/%5D%20/install.html?a=commitdiff_plain;h=3c711a8375d9179bcf370e5a9932eaf9c3d64d14;p=tahoe-lafs%2Ftahoe-lafs.git docs: formatting: M-x whitespace-cleanup --- diff --git a/docs/about.rst b/docs/about.rst index a278e3b1..dde61130 100644 --- a/docs/about.rst +++ b/docs/about.rst @@ -2,98 +2,98 @@ Welcome to Tahoe-LAFS! ====================== -Welcome to `Tahoe-LAFS `_, the first +Welcome to `Tahoe-LAFS `_, the first decentralized storage system with *provider-independent security*. What is "provider-independent security"? ======================================== -Every seller of cloud storage services will tell you that their service -is "secure". But what they mean by that is something fundamentally -different from what we mean. What they mean by "secure" is that after -you've given them the power to read and modify your data, they try -really hard not to let this power be abused. This turns out to be -difficult! Bugs, misconfigurations, or operator error can accidentally -expose your data to another customer or to the public, or can corrupt -your data. Criminals routinely gain illicit access to corporate -servers. Even more insidious is the fact that the employees themselves -sometimes violate customer privacy out of carelessness, avarice, or -mere curiousity. The most conscientious of these service providers +Every seller of cloud storage services will tell you that their service +is "secure". But what they mean by that is something fundamentally +different from what we mean. What they mean by "secure" is that after +you've given them the power to read and modify your data, they try +really hard not to let this power be abused. This turns out to be +difficult! Bugs, misconfigurations, or operator error can accidentally +expose your data to another customer or to the public, or can corrupt +your data. Criminals routinely gain illicit access to corporate +servers. Even more insidious is the fact that the employees themselves +sometimes violate customer privacy out of carelessness, avarice, or +mere curiousity. The most conscientious of these service providers spend considerable effort and expense trying to mitigate these risks. -What we mean by "security" is something different. *The service -provider never has the ability to read or modify your data in the first -place -- never.* If you use Tahoe-LAFS, then all of the threats -described above are non-issues to you. Not only is it easy and -inexpensive for the service provider to maintain the security of your -data, but in fact they couldn't violate its security if they tried. +What we mean by "security" is something different. *The service +provider never has the ability to read or modify your data in the first +place -- never.* If you use Tahoe-LAFS, then all of the threats +described above are non-issues to you. Not only is it easy and +inexpensive for the service provider to maintain the security of your +data, but in fact they couldn't violate its security if they tried. This is what we call *provider-independent security*. -This guarantee is integrated naturally into the Tahoe-LAFS storage -system and doesn't require you to perform a manual pre-encryption step -or cumbersome key management. (After all, having to do cumbersome -manual operations when storing or accessing your data would nullify one -of the primary benefits of using cloud storage in the first place -- +This guarantee is integrated naturally into the Tahoe-LAFS storage +system and doesn't require you to perform a manual pre-encryption step +or cumbersome key management. (After all, having to do cumbersome +manual operations when storing or accessing your data would nullify one +of the primary benefits of using cloud storage in the first place -- convenience.) Here's how it works: .. image:: http://tahoe-lafs.org/~zooko/network-and-reliance-topology.png -A "storage grid" is made up of a number of storage servers. A storage -server has direct attached storage (typically one or more hard disks). -A "gateway" uses the storage servers and provides access to the +A "storage grid" is made up of a number of storage servers. A storage +server has direct attached storage (typically one or more hard disks). +A "gateway" uses the storage servers and provides access to the filesystem over HTTP(S) or (S)FTP. -Users do not rely on storage servers to provide *confidentiality* nor -*integrity* for their data -- instead all of the data is encrypted and -integrity-checked by the gateway, so that the servers can neither read +Users do not rely on storage servers to provide *confidentiality* nor +*integrity* for their data -- instead all of the data is encrypted and +integrity-checked by the gateway, so that the servers can neither read nor modify the contents of the files. -Users do rely on storage servers for *availability*. The ciphertext is -erasure-coded and distributed across ``N`` storage servers (the default -value for ``N`` is 10) so that it can be recovered from any ``K`` of -these servers (the default value of ``K`` is 3). Therefore only the -simultaneous failure of ``N-K+1`` (with the defaults, 8) servers can +Users do rely on storage servers for *availability*. The ciphertext is +erasure-coded and distributed across ``N`` storage servers (the default +value for ``N`` is 10) so that it can be recovered from any ``K`` of +these servers (the default value of ``K`` is 3). Therefore only the +simultaneous failure of ``N-K+1`` (with the defaults, 8) servers can make the data unavailable. -In the typical deployment mode each user runs her own gateway on her -own machine. This way she relies on her own machine for the +In the typical deployment mode each user runs her own gateway on her +own machine. This way she relies on her own machine for the confidentiality and integrity of the data. -An alternate deployment mode is that the gateway runs on a remote -machine and the user connects to it over HTTPS or SFTP. This means -that the operator of the gateway can view and modify the user's data -(the user *relies on* the gateway for confidentiality and integrity), -but the advantage is that the user can access the filesystem with a -client that doesn't have the gateway software installed, such as an +An alternate deployment mode is that the gateway runs on a remote +machine and the user connects to it over HTTPS or SFTP. This means +that the operator of the gateway can view and modify the user's data +(the user *relies on* the gateway for confidentiality and integrity), +but the advantage is that the user can access the filesystem with a +client that doesn't have the gateway software installed, such as an Internet kiosk or cell phone. Access Control ============== -There are two kinds of files: immutable and mutable. Immutable files -have the property that once they have been uploaded to the storage grid -they can't be modified. Mutable ones can be modified. A user can have -read-write access to a mutable file or read-only access to it (or no +There are two kinds of files: immutable and mutable. Immutable files +have the property that once they have been uploaded to the storage grid +they can't be modified. Mutable ones can be modified. A user can have +read-write access to a mutable file or read-only access to it (or no access to it at all). -A user who has read-write access to a mutable file or directory can -give another user read-write access to that file or directory, or they -can give read-only access to that file or directory. A user who has -read-only access to a file or directory can give another user read-only +A user who has read-write access to a mutable file or directory can +give another user read-write access to that file or directory, or they +can give read-only access to that file or directory. A user who has +read-only access to a file or directory can give another user read-only access to it. -When linking a file or directory into a parent directory, you can use a -read-write link or a read-only link. If you use a read-write link, -then anyone who has read-write access to the parent directory can gain -read-write access to the child, and anyone who has read-only access to -the parent directory can gain read-only access to the child. If you -use a read-only link, then anyone who has either read-write or -read-only access to the parent directory can gain read-only access to +When linking a file or directory into a parent directory, you can use a +read-write link or a read-only link. If you use a read-write link, +then anyone who has read-write access to the parent directory can gain +read-write access to the child, and anyone who has read-only access to +the parent directory can gain read-only access to the child. If you +use a read-only link, then anyone who has either read-write or +read-only access to the parent directory can gain read-only access to the child. -For more technical detail, please see the `the doc page +For more technical detail, please see the `the doc page `_ on the Wiki. Get Started @@ -104,19 +104,18 @@ To use Tahoe-LAFS, please see `quickstart.rst `_. License ======= -You may use this package under the GNU General Public License, version -2 or, at your option, any later version. See the file `COPYING.GPL -<../COPYING.GPL>`_ for the terms of the GNU General Public License, +You may use this package under the GNU General Public License, version +2 or, at your option, any later version. See the file `COPYING.GPL +<../COPYING.GPL>`_ for the terms of the GNU General Public License, version 2. -You may use this package under the Transitive Grace Period Public -Licence, version 1 or, at your option, any later version. The -Transitive Grace Period Public Licence has requirements similar to the -GPL except that it allows you to wait for up to twelve months after you -redistribute a derived work before releasing the source code of your -derived work. See the file `COPYING.TGGPL <../COPYING.TGPPL.html>`_ for +You may use this package under the Transitive Grace Period Public +Licence, version 1 or, at your option, any later version. The +Transitive Grace Period Public Licence has requirements similar to the +GPL except that it allows you to wait for up to twelve months after you +redistribute a derived work before releasing the source code of your +derived work. See the file `COPYING.TGGPL <../COPYING.TGPPL.html>`_ for the terms of the Transitive Grace Period Public Licence, version 1. -(You may choose to use this package under the terms of either licence, +(You may choose to use this package under the terms of either licence, at your option.) -