<div dir="ltr">Yep, you are correct. I believe that the long term solution is to implement accounting (<a href="https://tahoe-lafs.org/trac/tahoe-lafs/wiki/NewAccountingDesign">https://tahoe-lafs.org/trac/tahoe-lafs/wiki/NewAccountingDesign</a>). Once accounting has been implemented, then each node can set its own policy for what clients are allowed to do. For now, my best advice is to do your best to secure the FURL and monitor the status page for unknown connections.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Oct 29, 2015 at 6:40 AM, Jean-Rene David <span dir="ltr"><<a href="mailto:tahoe-dev@levelnine.net" target="_blank">tahoe-dev@levelnine.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Thank you Paul. That does clear it up quite<br>
nicely.<br>
<br>
Isn't the FURL stored on all nodes, including the<br>
untrusted ones? In that case it doesn't make for<br>
much of a secret.<br>
<br>
Also, in the event that an untrusted node is<br>
compromised, doesn't that mean the intruder can<br>
now use our grid?<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
JR<br>
<br>
* Paul Rabahy [2015.10.28 08:40]:<br>
</font></span><div class="HOEnZb"><div class="h5">> There are 2 secrets.<br>
><br>
> The first is the FURL. This secret protects access to the grid. Anybody<br>
> with the FURL can talk to the introducer and see all the nodes on the grid.<br>
> Once they know about the nodes they will be able to upload files.<br>
><br>
> The second is your CAP(s). Each file that you upload to the grid gets a<br>
> CAP. Anybody with the CAP will be able to verify/decrypt/modify the file on<br>
> the grid corresponding to the CAP. The CAP has several different forms that<br>
> allow more granular access control (Read Only vs Read/Write). Most people<br>
> will end up saving a CAP as an Alias so that it is easier to use on their<br>
> local machine.<br>
><br>
> Hopefully this helps clear it up.<br>
><br>
><br>
> On Wed, Oct 28, 2015 at 7:48 AM, Jean-Rene David <<a href="mailto:tahoe-dev@levelnine.net">tahoe-dev@levelnine.net</a>><br>
> wrote:<br>
><br>
> > Hello,<br>
> ><br>
> > Say I create a grid and a client. I upload some<br>
> > files to the grid. Now I go on another computer<br>
> > and create another client. I use the same furl and<br>
> > connect to the same grid. What do I have to do to<br>
> > have access to the files I uploaded from the first<br>
> > client?<br>
> ><br>
> > It seems there is something very basic about tahoe<br>
> > that I don't get. On the one hand it seems<br>
> > obvious that I should have access to my own files<br>
> > no matter how I connect to the grid. On the other<br>
> > hand I don't want anybody else to have that<br>
> > access.<br>
> ><br>
> > But I didn't see any mention of an authentication<br>
> > mechanism in the docs. What is the secret part<br>
> > that authenticates me over anybody else on a grid?<br>
> ><br>
> > Thanks!<br>
> ><br>
> > --<br>
> > JR<br>
> > _______________________________________________<br>
> > tahoe-dev mailing list<br>
> > <a href="mailto:tahoe-dev@tahoe-lafs.org">tahoe-dev@tahoe-lafs.org</a><br>
> > <a href="https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev" rel="noreferrer" target="_blank">https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev</a><br>
> ><br>
<br>
</div></div></blockquote></div><br></div>