[tahoe-dev] Tahoe-LAFS is widely misunderstood

[Chris Palmer]

Brian Warner writes:

> My problem with FUSE as the primary entry point is that it loses the whole
> least-authority model. The POSIX filesystem APIs don't expose things like
> retrieving a dircap for the subdirectory that you want to share with a
> friend, so the easiest thing to do is to share your whole rootcap with
> somebody, the equivalent of sharing passwords from the bad-old-days. It
> also doesn't let you write programs that are restricted to interacting
> with just a subset of your filesystem, so all the usual Confused Deputy
> vulnerabilities are still around.

Well, a WUI is no way to solve the confused deputy problem. :)


-- 
http://noncombatant.org/