Hi Greg,

On Fri, Apr 06, 2007 at 10:33:57AM -0400, Greg Troxel wrote:
> As a user I'd like 'cfs cs' to use my authenticated connection, because
> that verifies that the connection I want to use for data works. Sort of
> like ping over IPsec.

+1 (i.e. agreed)

> Once a user does clog to a realm, then that uid/realm should be marked as
> authenticated access only. This means per uid bookkeeping on data that

Possibly "authenticated stuff only" should be the initial state,
resettable as you suggest below.

In contrast to the web, authenticated operation is natural to Coda
and the need for an unauthenticated one will be limited, due to
availability of anonymous tokens via public-key means.

[Of course, pursuing secure operation without user intervention
we will face the usual problems of the PKI. Each user will have to possess
a keyring, but it will be in any case not worse than it is with the
web browsers now. There might also be a keyring-per-client with some
certificates, but it should be the user who decides which certificates
or public keys are to be trusted, not the client administrator.]

> it was authenticated. On cunlog, unauthenticated access could be
> allowed, although we should perhaps split
>
>   a) get rid of my tokens on this machine
>
>   b) (a) and flush the cache of all my data
>
>   c) I want to use unauthenticated access
>
> So perhaps a 'cfs unauth realm' to remove the 'uid/realm needs auth'
> status.

A good point.

Now, dreaming about this world being better than it is:

(b) can be a little tricky and should probably mean
"all objects I but no one else have fetched".

If a file was fetched/verified by someone else as well, then its removal
from the cache should not be governed by your personal decisions,
the other user has "implicitly told" Venus that she wants the file to be
present in the cache.

In other words, purge if
 1. the object's user count is exactly 1
 2. the object's only user is your uid
otherwise just remove your id's tag and decrement the user count

"the object's users" above is meant to be a set of tags about
which uids agreed upon the contents of the object by talking to the
corresponding server via each uid's own connection
(it doesn't matter whether the connection was authenticated
assuming it was the user's choice).

Regards,
Rune

Received on 2007-04-06 11:58:41
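
The purge rule proposed in the message above, as an added example that is not part of the original post and is not Coda or Venus code. The class names, method names, uids and file ids are hypothetical; the user count is modelled as the size of the tag set.

```python
from dataclasses import dataclass, field


@dataclass
class CachedObject:
    # Hypothetical cache entry: 'users' holds the uids that fetched or
    # verified this object over their own connection to the server.
    fid: str
    users: set = field(default_factory=set)


class Cache:
    def __init__(self):
        self.objects = {}  # fid -> CachedObject

    def record_access(self, fid, uid):
        """Tag the object with uid after that uid fetched or verified it."""
        self.objects.setdefault(fid, CachedObject(fid)).users.add(uid)

    def flush_user(self, uid):
        """Apply the rule for one uid and return the fids that were purged."""
        purged = []
        for fid, obj in list(self.objects.items()):
            if uid not in obj.users:
                continue              # this uid never vouched for the object
            if obj.users == {uid}:    # user count is 1 and it is this uid
                del self.objects[fid]
                purged.append(fid)
            else:                     # shared: drop the tag, count shrinks by 1
                obj.users.discard(uid)
        return sorted(purged)


def demo():
    # Constructed sample data: the uids and fids are made up.
    cache = Cache()
    cache.record_access("realm/a.txt", 1000)
    cache.record_access("realm/shared.txt", 1000)
    cache.record_access("realm/shared.txt", 1001)
    cache.record_access("realm/b.txt", 1001)
    purged = cache.flush_user(1000)
    remaining = {fid: sorted(o.users) for fid, o in cache.objects.items()}
    return purged, remaining


if __name__ == "__main__":
    print(demo())
```

After the flush, no remaining object carries the flushing uid's tag, and objects another uid also validated stay cached for that uid.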