Next: Update
Up: Publius
Previous: Retrieve
It is desirable for Alice to be able to delete her Publius
content from all servers, while nobody else should be able
to delete this content. To achieve this, just before Alice publishes
a file she generates a password PW. Alice then sends the encrypted document,
share and
to the servers that will
be hosting Alice's published document.
is the hash of the domain name of the server concatenated
with a password PW. The server stores this hash value in the same directory
as the encrypted file and the share, in a file called password.
The reason this value is stored as opposed to just the PW or H(PW), is
that it prevents a malicious server from learning the password and deleting
the associated Publius content from all other servers that are hosting it.
We implemented delete as a CGI script running on each server. To
delete Publius content, Alice sends
to each hosting server, along with the namei that
corresponds to the that server. The server compares the password received
to the one stored, and if they match, removes the directory matching the
namei, and all of the files in it.
Next: Update
Up: Publius
Previous: Retrieve
Avi Rubin
2000-06-13