Should not Untrusted status be introduced?

As of 1.16.1 the Untrusted status isn’t passed on by Introducers. Isn’t this a bug?

I mean, consider the setup: A is Introducer for B; A adds U (untrusted), and U gets introduced to B, but isn’t marked as untrusted on B. IMHO, it’s counter-intuitive, and could(?) even lead to security issues if B is set to auto-accept…

Probably.

I think it’s not just a problem with introducers sharing U to B, but when sharing folders in general.

I was testing the untrusted devices feature on a new folder I shared with 3 devices:

  • A
  • B
  • U (untrusted)

I set up the sharing as follows:

  • Shared the folder from A to B.
  • Shared the folder from A to U.

So far so good.

Now I was trying to set up the sharing of the folder between B and U, but as I didn’t enter the password on B, the data was shared normally with U, and U ended up with both encrypted and unencrypted folders (no files seem to have been transferred? More on that later).

sacnoth@untrusted-device:~/cloud/MobileCloud$ ls
0.syncthing-enc  4.syncthing-enc  8.syncthing-enc  C.syncthing-enc  G.syncthing-enc  K.syncthing-enc  O.syncthing-enc  S.syncthing-enc
1.syncthing-enc  5.syncthing-enc  Arbeit           D.syncthing-enc  H.syncthing-enc  L.syncthing-enc  P.syncthing-enc  T.syncthing-enc
2.syncthing-enc  6.syncthing-enc  A.syncthing-enc  E.syncthing-enc  I.syncthing-enc  M.syncthing-enc  Q.syncthing-enc  V.syncthing-enc
3.syncthing-enc  7.syncthing-enc  B.syncthing-enc  F.syncthing-enc  J.syncthing-enc  N.syncthing-enc  R.syncthing-enc

Arbeit was the folder I shared.

Now B, the Android Syncthing app, kept repeatedly crashing. This could have prevented any actual files from coming through. But the original folder structure was created on the untrusted device.
And U, Syncthing for desktops, reported this in the WebUI:

Failure checking encryption consistency with device <B,phone> for folder “MobileCloud” (folder-id-123): folder is configured to be encrypted but not announced thus

The message is cut off after ‘thus’ and the folder is marked ‘Out of Sync’.

It’s hard for me to see the encrypted folder / untrusted devices feature as a replacement for some other form of encrypting the folder contents when a misconfiguration (not entering the encryption password) on one device can easily bring a folder into this state.

Please let’s discuss and solve your (@sacnoth) sharing issues in a separate topic. Mixing the cases of multiple users just makes it harder to do justice to both.

On the original topic:

I agree it would be good to take “third party” remotes into account for encrypted sharing. I don’t think we even share the necessary info yet in the cluster-config. Will hopefully have a look at that this week.

It is intended that you can share different folders both encrypted and plain with a single remote. It’s your responsibility to get that right. If you do not ever want a specific device to get plain data, you must set the “untrusted” option on the device: this will prevent any connection with plain data to that device, even if you (mis)configure it to do so.
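
One way to check a device's own configuration for the situation described above, as an added example that is not part of the thread or of the Syncthing project: it flags remotes that receive an encrypted share but are not marked untrusted, so a later plain share to them would not be blocked. It assumes the config.xml layout in which each top-level `<device>` has an `<untrusted>` child and each `<device>` inside a `<folder>` has an `<encryptionPassword>` child; the device IDs, folder ids and password in the sample are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample config; device IDs are placeholders, not real device IDs.
SAMPLE = """<configuration>
  <folder id="folder-id-123" label="MobileCloud">
    <device id="DEV-A"><encryptionPassword></encryptionPassword></device>
    <device id="DEV-U"><encryptionPassword></encryptionPassword></device>
  </folder>
  <folder id="folder-id-456" label="Backup">
    <device id="DEV-U"><encryptionPassword>secret</encryptionPassword></device>
    <device id="DEV-V"><encryptionPassword>secret</encryptionPassword></device>
  </folder>
  <device id="DEV-A" name="A"><untrusted>false</untrusted></device>
  <device id="DEV-U" name="U"><untrusted>false</untrusted></device>
  <device id="DEV-V" name="V"><untrusted>true</untrusted></device>
</configuration>"""


def audit(xml_text):
    """Return (device name, finding, folder labels) for risky share setups."""
    root = ET.fromstring(xml_text)
    # Top-level <device> elements carry the per-device "untrusted" flag.
    devices = {d.get("id"): (d.get("name") or d.get("id"),
                             (d.findtext("untrusted") or "").strip() == "true")
               for d in root.findall("device")}
    plain, enc = {}, {}
    for folder in root.findall("folder"):
        label = folder.get("label") or folder.get("id")
        for share in folder.findall("device"):
            # A non-empty password means this share is sent encrypted.
            has_pw = bool((share.findtext("encryptionPassword") or "").strip())
            (enc if has_pw else plain).setdefault(share.get("id"), []).append(label)
    findings = []
    for dev_id, (name, untrusted) in devices.items():
        p, e = plain.get(dev_id, []), enc.get(dev_id, [])
        if untrusted and p:
            # The untrusted flag blocks plain data, so this share is misconfigured.
            findings.append((name, "untrusted-but-plain-share", p))
        elif e and not untrusted:
            # Nothing stops a plain share to this device, now or later.
            kind = "mixed-plain-and-encrypted" if p else "encrypted-but-not-untrusted"
            findings.append((name, kind, p or e))
    return findings


if __name__ == "__main__":
    for name, kind, folders in audit(SAMPLE):
        print(f"{name}: {kind}: {', '.join(folders)}")
```
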

I’m sorry. I thought this issue here was somewhat related, as my issue arose from sending both encrypted and unencrypted data to the same remote, as I understood @nekr0z, and I tried to give an IRL example of how the issue can unfold.

I will continue here:

Opened an issue to keep track of this: Ensure encryption to untrusted on new, trusted device on an existing folder · Issue #7724 · syncthing/syncthing · GitHub
