Request for clarification
ivanyu opened this issue · 2 comments
Hello.
While reading the protocol draft, I didn't catch the following idea. When a user wants to give full access to a share to a peer, does he have to generate a temporary access code, or is it enough to share only a read-write secret (like in BT Sync)?
Thanks in advance.
Hello ivanyu,
There isn't a way to share the read-write secret directly. This was done intentionally because access codes have far better security for the average use case.
If the behavior of btsync is desired, a multi-use access code can be created with no expiration time. This would be ideal for a group of coworkers, for example.
Early drafts of the protocol worked like you're explaining, and one other thing that made me uncomfortable about it is that the read-only key had to be derived from the read-write key, and the share ID from the read-only key. While there are probably ways to do this safely, I'm not a cryptography expert so I felt it was better to keep them as fully independent entities.
Said another way, clearskies can behave identically to btsync with a non-expiring multi-use access code. The recommendation to implementations is to make temporary access codes by default since they improve security for the most common use cases. Please reopen if I'm not making sense or if you think I can clarify the spec in this regard.