
Re: "Forward Privacy" for ISPs and Customers



At 5:26 PM -0500 10/9/96, Kevin L Prigge wrote:
>Timothy C. May said:

>> Something ISPs could do--and may do if there is sufficient customer
>> pressure--is to adopt a policy of "forward secrecy" (to slightly abuse this
>> technical term). That is, to have an explicit policy--implemented in the
>> software--of _really_ deleting the back messages once a customer downloads
>> them to his site. This means that _backups_ must be done in a careful
>> manner, such that even the backup tapes or disks are affected by a removal.
>
>Interesting thought, but it fails when it gets to my scale. It would
>be trivial to exclude a file or set of files from normal backup, but
>it would be problematic to exclude files from filesystem dumps, etc.
>The scale I deal with (40,000 users, 12gb of /home directory files and
>about the same in the mail spool) would make it almost impossible to
>provide this service with accuracy to my users.

Were I implementing this on my present system, with three hard disks (.5,
1.0, and 2.9 GB), I would just move the mail spool for the "no backups"
customers to one of the disks and then just not back it up. I realize this
could be a headache for ISPs, but the principle seems easy enough to
realize: move the mail files to a place that is not backed up.

(By the way, the backup utility I have is very easy to configure to back up
some files, not others, on all kinds of varying schedules. I would've
thought "tar" and other such vaunted Unix tools are at least as
configurable.)

Again, I think the most straightforward approach is to offer two kinds of
service: backups and no backups. And the "no backup" customers know that no
backups are kept. (BTW, it's also possible the ISP could offer a "crash
recovery" buffer of, say, a few days or a few weeks, to cover crashes of
its own system. The crash recovery disk would, ideally, be overwritten,
with no permanent copy of it ever made.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos... "We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
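The two-tier scheme Tim sketches above, as an added example that is not part of his message: a POSIX shell script that archives only the opt-in customers' spool and expires crash-recovery copies after a retention window. It assumes a hypothetical layout with opt-in mailboxes under `backup/` and "no backup" mailboxes under `nobackup/` beneath one spool root, so the latter tree is never even handed to tar.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed (hypothetical) layout:
#   $SPOOL_ROOT/backup/<user>    customers who asked for backups
#   $SPOOL_ROOT/nobackup/<user>  "forward secrecy" customers, never archived
# Crash-recovery archives live in DEST_DIR and are removed once older than
# RETAIN_DAYS, so no permanent copy of the spool accumulates.

# spool_backup SPOOL_ROOT DEST_DIR RETAIN_DAYS
# Writes one dated tar archive of the opt-in tree and prints its path.
spool_backup() {
    root=$1; dest=$2; retain=$3
    stamp=$(date +%Y%m%d%H%M%S)
    archive="$dest/spool-$stamp.tar"
    mkdir -p "$dest"
    # Only the "backup" subtree is named; "nobackup" is outside tar's view,
    # which is stronger than relying on an --exclude pattern being right.
    tar -cf "$archive" -C "$root" backup
    # Expire crash-recovery copies past the retention window (overwrite
    # policy from the post: nothing older than RETAIN_DAYS survives).
    find "$dest" -name 'spool-*.tar' -type f -mtime +"$retain" -exec rm -f {} +
    printf '%s\n' "$archive"
}

# archive_contains ARCHIVE MEMBER -> exit 0 if MEMBER is listed in ARCHIVE.
# Useful as an audit check that no "nobackup" mailbox leaked into a dump.
archive_contains() {
    tar -tf "$1" | grep -qx "$2"
}
```

Run the audit check against every archive produced, not just the first; the audit is what turns a "no backups" promise into something the ISP can demonstrate.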