SFS is a network file system that lets you access your files from anywhere and share them with anyone anywhere. SFS was designed with three goals in mind:
/sfs. The contents of that directory are identical on every client in the world. Clients have no notion of administrative realm and no site-specific configuration options. Servers grant access to users, not to clients. Thus, users can access their files wherever they go, from any machine they trust that runs the SFS client software.
SFS achieves these goals by separating key management from file system
security. It names file systems by the equivalent of their public keys.
Every remote file server is mounted under a directory of the form:
/sfs/Location:HostID
Location is a DNS hostname or an IP address. HostID is a collision-resistant cryptographic hash of Location and the file server's public key. This naming scheme lets an SFS client authenticate a server given only a file name, freeing the client from any reliance on external key management mechanisms. SFS calls the directories on which it mounts file servers self-certifying pathnames.
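The check a client can make from a self-certifying pathname alone, as an added sketch that is not SFS's own code. The hash (SHA-256), the length-prefixed input, the base32 encoding, and all function names and sample values are assumptions chosen for illustration; SFS defines its own HostID computation.

```python
import base64
import hashlib
import hmac

SFS_ROOT = "/sfs/"


def host_id(location: str, public_key: bytes) -> str:
    """Illustrative HostID: SHA-256 over length-prefixed Location and key.

    Assumption: real SFS defines its own hash input and encoding; this only
    mirrors the idea "hash of Location and the server's public key".
    """
    loc = location.lower().encode("ascii")
    h = hashlib.sha256()
    for field in (loc, public_key):
        # Length prefixes keep (Location, key) pairs from colliding by concatenation.
        h.update(len(field).to_bytes(4, "big") + field)
    return base64.b32encode(h.digest()).decode("ascii").rstrip("=").lower()


def make_pathname(location: str, public_key: bytes) -> str:
    return f"{SFS_ROOT}{location.lower()}:{host_id(location, public_key)}"


def parse_pathname(path: str) -> tuple[str, str]:
    """Split /sfs/Location:HostID[/rest] into (Location, HostID)."""
    if not path.startswith(SFS_ROOT):
        raise ValueError("not under /sfs")
    component = path[len(SFS_ROOT):].split("/", 1)[0]
    # HostID contains no ':', so splitting on the last one tolerates IPv6 Locations.
    location, sep, hid = component.rpartition(":")
    if not sep or not location or not hid:
        raise ValueError("expected Location:HostID")
    return location, hid


def server_matches(path: str, presented_key: bytes) -> bool:
    """True only if the key the server presents hashes to the HostID in the path."""
    location, expected = parse_pathname(path)
    actual = host_id(location, presented_key)
    return hmac.compare_digest(actual.encode(), expected.lower().encode())


# Constructed sample values, not real keys or hosts.
GOOD_KEY = b"constructed-public-key-bytes-for-files.example.org"
ROGUE_KEY = b"constructed-public-key-bytes-held-by-someone-else"
PATH = make_pathname("files.example.org", GOOD_KEY)
```

Because Location is part of the hashed input, a pathname copied to a different hostname fails the check even when the key is unchanged.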
Self-certifying pathnames let users authenticate servers through a number of different techniques. As a secure, global file system, SFS itself provides a convenient key management infrastructure. Symbolic links let the file namespace double as a key certification namespace. Thus, users can realize many key management schemes using only standard file utilities. Moreover, self-certifying pathnames let people bootstrap one key management mechanism using another, making SFS far more versatile than any file system with built-in key management.
Through a modular implementation, SFS also pushes user authentication out of the file system. Untrusted user processes transparently authenticate users to remote file servers as needed, using protocols opaque to the file system itself.
Finally, SFS separates key revocation from key distribution. Thus, the flexibility SFS provides in key management in no way hinders recovery from compromised keys.
No caffeine was used in the original production of the SFS software.