From @rsynnest on Thu Sep 10 2015 01:03:14 GMT+0000 (UTC)
The current implementation of IPFS is geared heavily toward distributing static content. In order for IPFS to build a fully “distributed web”, with websites similar to the ones we use today, it will need to handle distributing dynamic content, including private user-specific data like passwords or account information.
Using IPFS there is currently no way to distribute private server-side content (i.e., a password database) to a BitTorrent-esque swarm without giving seeders access to that sensitive information. One solution is to keep all this private server-side data on a single host server, but then you defeat the purpose of a distributed web (clients have to query the centralized host server for their private data, and there is a single point of failure for the entire swarm).
- Object encryption within IPFS
The image and description below were my original rough concept of how to solve the problem:
As a simple example, imagine the “secure data object” in the diagram is a user’s encrypted password. In this case the user only needs a public key and a private key to access their private data safely from any seeder.
I imagine this method would be best if it was part of the IPFS protocol; that way each IPFS user would only need one public and one private key, and all IPFS servers could use one set of keys to encrypt private data on a peer-by-peer basis.
Disclaimer: I am not very knowledgeable about cryptology or security, and I’m sure there are flaws as far as overhead/design. If anyone has any improvements or suggestions on how this could be done using “vanilla” IPFS, please comment!
Copied from original issue: https://github.com/ipfs/faq/issues/28