Read Google's <a href="https://upspin.io/doc/">Upspin</a>,
<a href="https://upspin.io/doc/overview.md">Overview</a>,
<a href="https://upspin.io/doc/arch.md">Architecture</a>,
<a href="https://upspin.io/doc/access_control.md">Access Control</a>,
<a href="https://upspin.io/doc/security.md">Security</a>.

<p>
Would Upspin make a good storage system for decentralized
applications?
<P>
Assuming clients use encryption, can they view the servers as
completely untrusted?
<P>
What entity enforces the permissions described in an Access file?
<P>
What is the relationship between Access files and encryption?
<P>
How does a client verify that it has read the correct data? I.e. that
the data is the latest version of the desired file, written by a user
who is allowed to write the file, and no-one has tampered with the
data.
<P>
What happens when an encrypted file's Access file is changed so that
fewer users have access to the file?
<P>
What happens if a file has Group permissions and is also encrypted?
<P>
If Alice's storage server is malicious, what attacks can succeed
against Alice even if she uses encryption?
<P>
If Alice's directory server is malicious, what attacks can succeed
against Alice even if she uses encryption?
<P>
If the Upspin name server (key.upspin.io) is malicious, what attacks
can succeed against Alice even if she uses encryption?
<P>
The Upspin security page mentions Key Transparency as a possible
replacement for Upspin's key.upspin.io service. Is Key Transparency
less trusted or more decentralized than key.upspin.io? Is it similar
to Blockstack?
<P>
What happens if two users write the same file at the same time?
<P>
How big an application (number of users sharing the same data) could
Upspin support?