
@ Nuh
2025-05-21 12:31:23
If I understand correctly, encryption and decryption with FROST would be asymmetric... which is not efficient; it would be fine for sharing the symmetric key... but the hard part isn't encrypting a symmetric key for the target receiver... that's the easiest part, to be honest.
The hard part is when you need to revoke someone's access from an entire directory... and now you need to re-encrypt everything on write, and you need to share the new keys with all the remaining members, and you need to do all of that from an interface that is not any more complicated than Google Drive sharing settings.
Then you need to delete all the previous chunks of the filesystem tree to reclaim the storage. And if you have a built-in history system, things get even harder, as new keys should be able to decrypt old files but not vice versa.
I am sorry, but these problems need to be solved cohesively, otherwise you don't have a platform. Access control is not a plug-in on S3; it is inherent, and it makes or breaks the platform that later became a standard.