Bill Stewart wrote:
One simple approach - have Bob use a CGI script for publishing the material, e.g. http://bob.com/cgi-bin/backups?alice-file-123 that notifies Bob when the URL is accessed, and either returns the desired file or another URL that points to the real file. More complex - have Bob require a signature from Alice on the request.
that part is actually the least of my worries.
You have to think about threat models. If Alice is under attack, do the attackers have Alice's mailbox that would contain the URL? Do they have Alice's private key? Do you care? Does Bob have a site like Cryptome where anybody can read everything? Does Bob have a samizdat site where only people who have the password for a file can access that file (and maybe the password is the hash of the file)?
the threat model is that alice's system has possibly been compromised or shut down, but alice herself (and thus the private key or at least the passphrase) is still secure. the story would continue with alice digging out the mirrors and redirecting her web traffic there, so if alice goes down, things are lost anyways.
If Bob doesn't want legal problems because of Alice, it's safer if he doesn't tell Alice, or at least doesn't do anything different for Alice than he would for any other customer.
that's the problem. so how does alice know if bob doesn't tell?
The simplest version works like this:
    key = hash(file)
    filename = hash(key, salt)  # One salt for entire site
    Store Encrypt(file, key) as "filename".
that's a good start. using a hash of the content as the filename is a really important idea that will surely help me along here.
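
Added example, not part of the original message or of either poster's code: a sketch of the quoted scheme (key = hash(file), filename = hash(key, salt), store Encrypt(file, key)) showing that anyone who holds the file can derive where a mirror would keep it and verify what comes back. The salt value, the `publish`/`fetch` names, the dict used as the store, SHA-256 as the hash and the keystream cipher are all assumptions; the cipher is a standard-library stand-in for a vetted AEAD.

```python
import hashlib
import hmac

SITE_SALT = b"constructed-site-salt"  # assumption: one public salt for the whole site


def derive_key(data: bytes) -> bytes:
    """key = hash(file)"""
    return hashlib.sha256(data).digest()


def derive_filename(key: bytes, salt: bytes = SITE_SALT) -> str:
    """filename = hash(key, salt); the name reveals neither key nor content."""
    return hashlib.sha256(key + salt).hexdigest()


def _keystream_xor(data: bytes, key: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example needs only
    # the standard library. A real mirror would use a vetted AEAD instead.
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hmac.new(key, (block // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)


def publish(store: dict, data: bytes) -> str:
    """Store Encrypt(file, key) under the derived filename and return that name."""
    key = derive_key(data)
    name = derive_filename(key)
    store[name] = _keystream_xor(data, key)
    return name


def fetch(store: dict, key: bytes):
    """Knowing only the key, locate the blob, decrypt it and verify it."""
    blob = store.get(derive_filename(key))
    if blob is None:
        return None  # nothing stored under this name
    data = _keystream_xor(blob, key)
    # The key is the hash of the plaintext, so it doubles as an integrity check.
    if not hmac.compare_digest(derive_key(data), key):
        raise ValueError("stored blob does not match its key")
    return data
```

Because every value is derived from the file itself, the same file always maps to the same name and ciphertext: a holder of the file can check for a copy without being told, and so can anyone else who already has that file.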