[tahoe-dev] question about sharing...

Greg Troxel gdt at ir.bbn.com
Wed Jun 1 10:52:19 PDT 2011


toby cabot <toby at caboteria.org> writes:

> I have a question about sharing files with other people and I can't
> find the answer on the site but I hope this isn't a FAQ.  If I run my
> own client with the web user interface, I imagine that I can share
> files by simply giving someone a directory URL.  Could they then give

You should be clear on the difference between a URL to the gateway, and
a URI which is a capability within tahoe.  URIs get encoded in URLS, but
I'm getting fuzzy because I decided to stop using the Web User Interface
for other than checking server connectivity etc. (because putting
secrets in URLS in modern browsers seems like a bad idea).

> this URL to someone else, perhaps someone that I wouldn't want to see
> the directory?  Is there an authentication component that I'm missing?

Yes, they could.  What you are missing is 

1) that this is a capability system, not an ACL system.

2) if you handed them a decryption key for normal data, they could grab
and download the data.  They could then hand it out.

Basically, if you don't trust people to keep things secret, you can't
share with them.  This isn't about tahoe, or rather tahoe has no magic
bullet for this.

> If I give someone a URL to a directory can I later revoke that URL
> somehow but still be able to access the directory myself?

No.  But you can move the files in it to a new directory and hope the
original directory gets garbage collected.

But again, if they copied the data, you can't revoke that.


It's interesting that this comes up in tahoe much more so than in otheer
filesystems.  People don't seem to ask:

  if I have a filesystem, and I let someone read a file, and then I
  "chmod 700" it, how can I be sure they didn't keep a copy?  Isn't it a
  bug that the filesystem doesn't enforce removing all their copies?

about other filesystems.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20110601/bca8670a/attachment.pgp>


More information about the tahoe-dev mailing list