Retrieval permission to deals

[kernelogic]

Summary

(OP @ Da-you. Proofread by @ Fei Yan)

Add retrieval permission to deals, allowing only certain clients to retrieve a deal.

Motivation

Currently Filecoin protocol allows anyone with the data CID to retrieve a deal.

In a real word scenario, privacy and security are important for data storage, and it is relatively limiting if your stored data can be freely retrieved by others, although we can encrypt that data, but preventing others from retrieving it on the protocol layer can provide higher security and usability.

Design

Client side: When proposing a deal, you can specify one or more client addresses that are allowed to retrieve that data.
SP side : When a client retrieves a deal, first check to see if the client is in the list of clients that can be retrieved. If the list is empty, then it is open to everyone.

Use Cases

Personal or business surveillance video requires a high level of security and privacy, they may not retrieve data often, but when they want to, they want to be the only ones who can.

Consideration

Make updates to the allowed list after deal is on chain.

[placer14]

Wouldn't a private encryption scheme over the data better serve this need without adding this behavior to FIL protocol? IMHO, permissions/ACLs don't feel like they belong at this layer.

Can you explain why this might be preferred over my suggestion to use encryption?

[anorth]

In line with #215, this should be moved to the discussion forum. There is not yet any concrete proposed protocol change to evaluate as a FIP.

I will have some discussion to offer after that move.

[de-authority]

So should we move this to discussion forum. i don't quite sure. if so . we can move.
@placer14 I know we can encrypt, and the user side can encrypt in its own way, but as long as our files can be downloaded or retrieved by others, it always gives the impression of insecurity. It's probably not a technical issue, it's a matter of belonging and security, and it's also true that restricting the retrieval of files can technically reduce the chances of them being cracked

[de-authority]

In my impression, if you use an existing storage service such as aws s3, aliyun, qiniuyun, your files will not be accessed by anyone else whether they are encrypted or not, please let me know if my perception is wrong

[RobQuistNL]

I don't think it makes sense from a security perspective. It does however make sense from a bandwidth / DDOS / data-hosting-contract perspective :)

[jennijuju]

In my impression, if you use an existing storage service such as aws s3, aliyun, qiniuyun, your files will not be accessed by anyone else whether they are encrypted or not, please let me know if my perception is wrong

Well the service platform has direct access to the data.