Add to draft

protocols/peergos.md

@@ -4,7 +4,9 @@ Peergos is an e2e encrypted distributed file storage service. At the base layer,
 
 ### Identity
 
-There is a global append-only log for the public key to username mappings. This is mirrored on every node in the peergos system. (how is consensus guaranteed?)
+There is a global append-only log for the public key to username mappings. This is mirrored on every node in the peergos system. (how is consensus guaranteed? Is the corenode same as the peergos nodes?)
+
+Login and key management: A peergos user's private keys are derived every time log in using their username and password. Specifically, a signing keypair, boxing keypair, and symmetric key is derived.
 
 ### Data storage
 
@@ -15,3 +17,19 @@ The user lists the IPFS node id of the server (hash of its public key). It synch
 ### Social
 
 Users can follow each other. Follow requests are sent through a user’s storage server, which is contacted via its public key. Follows are one-way, and allow sharing files and sending messages.
+
+### Privacy and Access Control
+
+Files are encrypted on the peergos nodes, which only have access to metadata.
+
+Access to files gained through social follows can be revoked by rotating cryptographic keys.
+
+Access is controlled through cryptographic capabilities:
+
+- the file owner's public signing key is used to look up the filesystem
+- the label is used to look up the file
+- after retrieval, it is decrypted using the base key given to the person who has access
+
+A user can publish a capability of a file or folder they control which makes it publicly visible.
+
+A user can also share links to files, like a google doc "share" link, which lets anyone who views it at that special URL to view the file. However, the file is not transmitted unencrypted over the network, as the key to decrypt it is in the URL itself, and is interpreted locally in the browser.