[tahoe-dev] Tahoe Access Control
Greg Troxel
gdt at ir.bbn.com
Fri Jun 3 03:28:20 PDT 2011
Thanks - I see that in docs/about.rst#access-control the functionality
is explained. Certainly I see that if the dir has a readcap as the
link, even a dir writecap doesn't magically augment that. I was focused
on the case where the tree is rw and someone has a readcap.
But, in wiki:Capabilities, it says that a directory is just a mutable
file with special interpretation. So I think it would help to have a
page perhaps wiki:Directory that explains the format of the contents of
a directory.
So, it seems that a directory writecap enables one to:
change the directory (as expected)
read the write part of writecaps stored in the directory
while a directory readcap enables one only to
read the read part of writecaps stored in the directory, or the
matching readcap that must always be present next to a readcap
But I still don't understand whether there is some incremental write
part of the writecap (the part that's omitted when diminishing to a
readcap) encrypted in a different key (that's in the parent writecap but
not the parent readcap), or whether a dir looks like:
name readcap [writecap]
and the whole writecap is encrypted in a key that is only in the parent
writecap.
random other questions:
Is the URI: format (textually) in the directory? Or some binary format?
I also don't see a CLI command to take a writecap and return a readcap.
"tahoe get" on a directory didn't work:
Error during GET: 302 Found
but I expected to get the directory contents.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20110603/1298853a/attachment.pgp>
More information about the tahoe-dev
mailing list