Initial filesystem design synopsis.
dillon at apollo.backplane.com
Thu Feb 22 10:30:49 PST 2007
:> Are you proposing to encrypt data transferred between cluster nodes?
:That's the very least.
:>> E.g.: What if I want to share a file with you, but I don't
:>> want anyone else on the cluster to be able to read or modify it?
:> Why this can't be handled with help of ACLs?
:Because I as evil kernel hacker don't have to obey the ACLs you set if I
:already have access to the raw data.
At the moment cluster communications are going to be stream based, aka
direct TCP connection or SSH or something like that.
Insofar as file data goes, the only way to create an opaque store
whose physical storage is not under your control is to encrypt the
data and use a cryptographic hash to validate it whenever you read
it (so it cannot be modified outside of your control).
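
Added example, not part of the original message or of any DragonFly code: a sketch of the encrypt-and-validate-on-read scheme described above, for blocks kept on storage the owner does not control. Assumptions: the function names are hypothetical, the hash is keyed (HMAC-SHA256) so that the tag can sit on the untrusted store next to the data, and the cipher is a standard-library stand-in (HMAC-SHA256 used as a PRF in counter mode) where a real system would use a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os

TAG_LEN, NONCE_LEN = 32, 16  # SHA-256 tag size, random per-block nonce size

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 as a PRF in counter mode.
    # Replace with a vetted AEAD such as AES-GCM in a real system.
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def _tag(mac_key: bytes, block_no: int, nonce: bytes, ct: bytes) -> bytes:
    # The keyed hash covers the block number, so one valid block cannot replace another.
    return hmac.new(mac_key, block_no.to_bytes(8, "big") + nonce + ct, hashlib.sha256).digest()

def seal_block(enc_key: bytes, mac_key: bytes, block_no: int, data: bytes) -> bytes:
    """Encrypt a block and append its keyed hash; the result goes to the untrusted store."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    return nonce + ct + _tag(mac_key, block_no, nonce, ct)

def open_block(enc_key: bytes, mac_key: bytes, block_no: int, blob: bytes) -> bytes:
    """Validate the keyed hash on every read, then decrypt; ValueError on any modification."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("block truncated")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(mac_key, block_no, nonce, ct)):
        raise ValueError("block failed validation")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def demo() -> dict:
    """Read back a clean block, a bit-flipped block, and a block served from the wrong slot."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # keys stay with the data owner
    store = {n: seal_block(enc_key, mac_key, n, d)  # constructed sample blocks
             for n, d in enumerate([b"file data block 0", b"file data block 1"])}
    results = {"clean": open_block(enc_key, mac_key, 0, store[0])}
    flipped = bytearray(store[0])
    flipped[NONCE_LEN] ^= 0x01  # storage host changes one ciphertext bit
    for name, blob in {"tampered": bytes(flipped), "swapped": store[1]}.items():
        try:
            open_block(enc_key, mac_key, 0, blob)
            results[name] = "accepted"
        except ValueError:
            results[name] = "rejected"
    return results
```

A plain unkeyed hash gives the same guarantee only if the hash values themselves are held somewhere the storage host cannot rewrite them.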