tgeens
commented
10 years ago I'd say peer discovery would be the easy part ? :-)
This requires you to solve quite some challenging authentication & authorization questions. Anyone any idea how DropBox does authorization for their LAN-sync ?
I'm not a cryptographer, so don't implement this based on my comments below :-)
I guess you need some KDF or HMAC, so you can easily verify another user has read-access on a piece of content. I think this HMAC needs at least the following components: (1) based on a derived/shared secret (maybe hash of the content? sounds a little weak ? ) (2) verifiable unique peer id (protect against replay attacks) (3) salt (HMAC)
About (1): I think the document-id/noderef can't be used as a secret, because there are ways to get to know about the existence of document-id's without actually having access.
Let's say 100 computers are in the same local network, and a new big file is added to the remote server, which is slow and far away.
Rather than having all 100 computers download the file in parallel, it would be better to have one download the file, and share it with the others.
It requires a strong checksum of the file, and a way to identify peers.