Comments (3)
sgwilym
commented on May 21, 2024
I'm going to implement this. As mentioned above, one of the problems to solve is distinguishing when a share address contains a public key and when it doesn't.
Some options:
-
As mentioned above, we could just use the rough heuristic of 'begins with a b and is 53 characters long'. If these criteria are satisfied, then a share's private key is required to write valid documents.
-
We could also make invite-only shares use a different address format, e.g.
-or++instead of+. This has the benefit of making it easy for a user to eyeball if a share is an invite-only share as well. -
One last option is to make all shares have a public key, and dropping the possibility of writing to a share with only the share address altogether. This makes Earthstar a little more secure by default, but I wonder if this introduces unnecessary complexity for many use-cases.
from earthstar.
johanbove
commented on May 21, 2024
How much time do we have to contemplate on these options? At first thought I would go for option 2 and use "-" to indicate the read-only mode.
from earthstar.
sgwilym
commented on May 21, 2024
@johanbove I have a branch which implements option 3 but I'm not totally happy with it.
One reason is that signing / verification of docs takes twice as long as there are now two signatures. This effectively doubles the time taken to perform common operations like ingesting docs from another peer.
from earthstar.
Related Issues (20)
- Make Earthstar select the best crypto driver for the detected platform HOT 1
- Ensure all doc drivers return documents of correct formats
- Cancel attachment transfers when syncing is cancelled
- Unclear how to use "earthstar identities switch" HOT 3
- Add a way to reject ingesting documents from certain users during sync
- Add a way to specify an attachment size limit during sync
- Add forgetting methods to replica HOT 1
- Persist document syncing thumbnails
- Use Web Locks API for ingestion
- Server <> Server syncing
- [FR] File size limit > 4 mb HOT 2
- Direct p2p online sync with WebRTC HOT 1
- Attachment sync not working on Deno runtime HOT 1
- Restricting the paths an applet can read and write to HOT 2
- What is this key for in `syncReplicaAndFsDir` ? HOT 1
- ReplicaDriverWeb not accessible from all environments HOT 4
- Upgrade SQLite3 dependency to 0.8.0
- Address private set intersection exploit HOT 2
- What is the rationale for the generateAuthorKeypair shortname only allowing lengths of 4 chars? HOT 1
- npm install error HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from earthstar.