What's the secret?

Paul Rabahy prabahy at gmail.com
Thu Oct 29 11:14:23 UTC 2015


Yep, you are correct. I believe that the long term solution is to implement
accounting (https://tahoe-lafs.org/trac/tahoe-lafs/wiki/NewAccountingDesign).
Once accounting has been implemented, then each node can set its own policy
for what clients are allowed to do.  For now, my best advice is to do your
best to secure the FURL and monitor the status page for unknown connections.

On Thu, Oct 29, 2015 at 6:40 AM, Jean-Rene David <tahoe-dev at levelnine.net>
wrote:

> Thank you Paul. That does clear it up quite
> nicely.
>
> Isn't the FURL stored on all nodes, including the
> untrusted ones? In that case it doesn't make for
> much of a secret.
>
> Also, in the event that an untrusted node is
> compromised, doesn't that mean the intruder can
> now use our grid?
>
> --
> JR
>
> * Paul Rabahy [2015.10.28 08:40]:
> > There are 2 secrets.
> >
> > The first is the FURL. This secret protects access to the grid. Anybody
> > with the FURL can talk to the introducer and see all the nodes on the
> grid.
> > Once they know about the nodes they will be able to upload files.
> >
> > The second is your CAP(s). Each file that you upload to the grid gets a
> > CAP. Anybody with the CAP will be able to verify/decrypt/modify the file
> on
> > the grid corresponding to the CAP. The CAP has several different forms
> that
> > allow more granular access control (Read Only vs Read/Write). Most people
> > will end up saving a CAP as an Alias so that it is easier to use on their
> > local machine.
> >
> > Hopefully this helps clear it up.
> >
> >
> > On Wed, Oct 28, 2015 at 7:48 AM, Jean-Rene David <
> tahoe-dev at levelnine.net>
> > wrote:
> >
> > > Hello,
> > >
> > > Say I create a grid and a client. I upload some
> > > files to the grid. Now I go on another computer
> > > and create another client. I use the same furl and
> > > connect to the same grid. What do I have to do to
> > > have access to the files I uploaded from the first
> > > client?
> > >
> > > It seems there is something very basic about tahoe
> > > that I don't get. On the one hand it seems
> > > obvious that I should have access to my own files
> > > no matter how I connect to the grid. On the other
> > > hand I don't what anybody else to have that
> > > access.
> > >
> > > But I didn't see any mention of an authentication
> > > mechanism in the docs. What is the secret part
> > > that authenticates me over anybody else on a grid?
> > >
> > > Thanks!
> > >
> > > --
> > > JR
> > > _______________________________________________
> > > tahoe-dev mailing list
> > > tahoe-dev at tahoe-lafs.org
> > > https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
> > >
>
> > _______________________________________________
> > tahoe-dev mailing list
> > tahoe-dev at tahoe-lafs.org
> > https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
>
> _______________________________________________
> tahoe-dev mailing list
> tahoe-dev at tahoe-lafs.org
> https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20151029/49992968/attachment.html>


More information about the tahoe-dev mailing list