Closed jcnelson closed 8 years ago
We should sub-namespace this as well:
If we can think of a scheme for Volumes, like "secret.volume.$VOLUMENAME.$ATTRNAME", we could do that too (but then the gateway would need access to the Volume private key?)
Let's just worry about verifying authenticity for the release.
Any xattr prefixed with "secret.$GATEWAY" must be encrypted by $GATEWAY's public key. For example, if a UG wants to add an xattr called "bar" that a particular RG called "foo" can read, then it should call the attribute "secret.foo.bar". Then, gateway "foo" can decrypt the secret and read it. Syndicate Gateways should do so transparently.
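The naming rule above as an added Go example (not Syndicate's own code, and not part of the original thread). It assumes RSA-OAEP as the public-key scheme, gateway names that contain no ".", and the full xattr name used as the OAEP label; the function names `splitSecretName`, `newGatewayKey`, `sealXattr` and `openXattr` are hypothetical.

```go
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"strings"
)

// splitSecretName parses "secret.$GATEWAY.$ATTR" (assumption: no '.' in gateway names).
func splitSecretName(name string) (gateway, attr string, ok bool) {
	p := strings.SplitN(name, ".", 3)
	if len(p) != 3 || p[0] != "secret" || p[1] == "" || p[2] == "" {
		return "", "", false
	}
	return p[1], p[2], true
}

// newGatewayKey makes a throwaway key pair standing in for a gateway's real key (constructed).
func newGatewayKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// sealXattr is the writer's side (e.g. a UG); the name is the OAEP label, binding value to name.
func sealXattr(name string, value []byte, gwPub *rsa.PublicKey) ([]byte, error) {
	if _, _, ok := splitSecretName(name); !ok {
		return nil, fmt.Errorf("%q is not a secret.$GATEWAY.$ATTR name", name)
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, gwPub, value, []byte(name))
}

// openXattr is the read path of gateway `self`: it decrypts only xattrs sealed for itself.
func openXattr(self, name string, stored []byte, priv *rsa.PrivateKey) ([]byte, error) {
	gw, _, ok := splitSecretName(name)
	if !ok {
		return stored, nil // ordinary xattr: returned unchanged
	}
	if gw != self { // exact match, so gateway "foo" never claims "secret.foobar.x"
		return nil, fmt.Errorf("xattr %q is sealed for gateway %q, not %q", name, gw, self)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, stored, []byte(name))
}

func main() {
	key, err := newGatewayKey()
	if err != nil {
		panic(err)
	}
	ct, err := sealXattr("secret.foo.bar", []byte("s3cret"), &key.PublicKey)
	pt, err2 := openXattr("foo", "secret.foo.bar", ct, key)
	fmt.Printf("%q seal_err=%v open_err=%v\n", pt, err, err2)
}
```

With a 2048-bit key and SHA-256, RSA-OAEP seals at most 190 bytes, so larger values would need a hybrid scheme that this sketch does not cover.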