Retrieval permission to deals

[kernelogic]

Summary

(OP @ Da-you. Proofread by @ Fei Yan)

Add retrieval permission to deals, allowing only certain clients to retrieve a deal.

Motivation

Currently Filecoin protocol allows anyone with the data CID to retrieve a deal.

In a real word scenario, privacy and security are important for data storage, and it is relatively limiting if your stored data can be freely retrieved by others, although we can encrypt that data, but preventing others from retrieving it on the protocol layer can provide higher security and usability.

Design

Client side: When proposing a deal, you can specify one or more client addresses that are allowed to retrieve that data.
SP side : When a client retrieves a deal, first check to see if the client is in the list of clients that can be retrieved. If the list is empty, then it is open to everyone.

Use Cases

Personal or business surveillance video requires a high level of security and privacy, they may not retrieve data often, but when they want to, they want to be the only ones who can.

Consideration

Make updates to the allowed list after deal is on chain.

[placer14]

Wouldn't a private encryption scheme over the data better serve this need without adding this behavior to FIL protocol? IMHO, permissions/ACLs don't feel like they belong at this layer.

Can you explain why this might be preferred over my suggestion to use encryption?

[anorth]

In line with #215, this should be moved to the discussion forum. There is not yet any concrete proposed protocol change to evaluate as a FIP.

I will have some discussion to offer after that move.

[dayou5168]

So should we move this to discussion forum. i don't quite sure. if so . we can move.
@placer14 I know we can encrypt, and the user side can encrypt in its own way, but as long as our files can be downloaded or retrieved by others, it always gives the impression of insecurity. It's probably not a technical issue, it's a matter of belonging and security, and it's also true that restricting the retrieval of files can technically reduce the chances of them being cracked

[dayou5168]

In my impression, if you use an existing storage service such as aws s3, aliyun, qiniuyun, your files will not be accessed by anyone else whether they are encrypted or not, please let me know if my perception is wrong

[RobQuistNL]

I don't think it makes sense from a security perspective. It does however make sense from a bandwidth / DDOS / data-hosting-contract perspective :)

[dayou5168]

Why do you think it's safe that data can be retrieved by others? Can you elaborate? I'm just curious

[RobQuistNL]

Because you wouldn't put crucial & private information on a public storage platform unencrypted. You usually have 0 information about how its stored with the miner, the deals are public & on chain, the data resides on disk and there's 0 ACL on any of the data. There should be 0 ACL on the data - its a public cloud storage platform. You want it private - encrypt it

[dayou5168]

You make a good point, and I agree with you, but have you considered the following issues.
1: We don't provide a way to encrypt and some users aren't good at encrypting files
2: It is because we are a public storage platform that we should provide a higher level of security (of course, it is possible that encrypted files are sufficient)
Also, from my point of view, even though my files are encrypted, it is still a bit strange that they can be retrieved by other people

[RobQuistNL]

I understand! It does feel weird. But on the other hand, this is blockchain technology.. Your bank account usually is also private, yet in these blockchains its all 100% public.. Maybe it requires a shift of thought? I agree with you, it feels weird, but I think the only good and viable option would be to keep it public and encrypt it. But still - from a perspective of bandwidth / rate limiting / data provider contracts, it would be a very nice addition (people paying 0.05 FIL per deal extra to have 1gbps download speed instead of 100 mbps for example)

[jennijuju]

In my impression, if you use an existing storage service such as aws s3, aliyun, qiniuyun, your files will not be accessed by anyone else whether they are encrypted or not, please let me know if my perception is wrong

Well the service platform has direct access to the data.

[dayou5168]

The data currently stored on filecoin can also be accessed by Sp. Customers can trust Sps or storage platforms, but will too much exposed data cause encrypted data to be cracked?

[RobQuistNL]

If thats the case the whole world is in a big pile of doodoo - it means the encryption standard thats being used has been cracked.