Check out the new USENIX Web site. next up previous
Next: Incremental deployment Up: Example: Electronic mail Previous: Email folders

Discussion

By default, ePOST provides strong confidentiality, authentication and message integrity. The system is able to tolerate up to k-1 faulty or unreachable nodes in any random set of k POST nodes without loss of data or service, where k is the degree of message replication. It relies on Pastry's secure routing facilities [2], data replication, and cryptographic techniques to achieve robustness under a wide range of attacks, including denial-of-service and participants that suffer byzantine faults.

More analysis and experimentation will be necessary to determine appropriate assumptions about the fraction of faulty nodes in various environments, and appropriate levels of replication. Results of a prior study on p2p filesystems in corporate environments indicate that modest levels of replication can yield high availability [1].

Since ePOST inserts all incoming messages into the local overlay, only the node failure probability and failure independence within a user's local overlay determine the durability of the messages that the user references. Therefore, a user's organization can take appropriate steps to ensure failure independence and determine an appropriate degree of replication.

Mailing lists can be easily supported by maintaining the list as an additional log and storing the log head reference at the list maintainer's user identity block. When delivering a message, the sender notices the list and expands the recipient list appropriately.


next up previous
Next: Incremental deployment Up: Example: Electronic mail Previous: Email folders