Korkman


  1. I don't know how the protocol deals with SyncIDs / device names at handshake time. Depending on when and how SyncIDs are exchanged in advance, it may be easier to generate something new like an AuthID and use that for the process. But that's left for the devs to decide.

     Upgrade transition to an "authorized" share is probably a bit difficult here. The user should be informed that devices A B C have compatible btsync versions installed and device D will disconnect when the share is upgraded until the client on D is updated. There's really lots of UI stuff associated with this process but I think it's worth it.

     Btw. when a user denies access to a device, he should be strongly encouraged to re-key.
  2. Basically the same that happens when a file is edited in two places: "User action wins", so the later decision will overwrite the earlier. As soon as the client recognizes a change to the list of valid devices, the event could close any "Yes" / "No" dialogs and in addition show a notification "device X has given / denied permission to device Y to join share Z at Timestamp".

     From a data perspective, all I see is a hidden file .shareDevices with lines like

         Device:ActionDevice:AllowOrDeny:Timestamp

     For example

         HomePC:MobilePhone:Allow:Timestamp
         Stranger:HomePC:Deny:Timestamp

     which is shared like any other file.

     The idea is not strict security, but to have more awareness on new devices joining a share. Ultimately, an attacker armed with the currently joined UUIDs / device names could bypass this measure easily - and I doubt there's anything that can be done about it. In fact, a cloned hard drive will always allow an attacker to join the share without being noticed (in which case he already has the data anyways). But that's physical security which is easy to handle for the user.
  3. The current process of adding devices to a share is kept simple and fast. Copy the key, paste, the device has access to the share. The major drawback here is that the key, should it fall into the wrong hands, immediately allows an attacker full access to the share. For example when the mobile phone QR code is presented on screen, a camera across the room could easily catch that.

     I propose a list of known devices shared within the folder. When a new device appears, a dialogue would appear on all currently active devices asking for permission to add the new device. A "yes" would add the device to the local list, which then will be distributed to all devices. This should be a per-share option for the user to activate. Also, it should be possible to remove a device from the list. Just editing the file in a text-editor would be fine.

     Thanks for your attention and this great product which makes life a lot easier,

     Korkman
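
The `.shareDevices` lines and the "later decision overwrites the earlier" rule from the second post, worked through as an added example (not code from the posts or from btsync). It assumes the first field is the device being decided on, the second is the device where the user answered, the timestamp is an integer, and a Deny wins when two decisions carry the same timestamp.

```python
from typing import NamedTuple

# Constructed sample file contents; device names and timestamps are made up.
SAMPLE = """\
HomePC:MobilePhone:Allow:1371000000
Stranger:HomePC:Allow:1371000100
Stranger:MobilePhone:Deny:1371000200
Laptop:HomePC:Deny:1371000300
Laptop:MobilePhone:Allow:1371000300
this line is malformed
"""


class Decision(NamedTuple):
    device: str         # device the decision is about (assumed meaning)
    action_device: str  # device on which the user answered (assumed meaning)
    allow: bool
    timestamp: int      # assumed to be an integer such as Unix seconds


def parse(text):
    """Return (decisions, rejected_lines). Malformed lines grant nothing."""
    decisions, rejected = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        parts = line.split(":")
        ok = (len(parts) == 4 and parts[0] and parts[1]
              and parts[2] in ("Allow", "Deny") and parts[3].isdecimal())
        if not ok:
            rejected.append(line)  # surface to the user instead of guessing
            continue
        decisions.append(
            Decision(parts[0], parts[1], parts[2] == "Allow", int(parts[3])))
    return decisions, rejected


def resolve(decisions):
    """Latest decision per device wins; a timestamp tie resolves to Deny."""
    latest = {}
    for d in decisions:
        cur = latest.get(d.device)
        # Compare (timestamp, is_deny) so Deny outranks Allow on a tie.
        if cur is None or (d.timestamp, not d.allow) > (cur.timestamp, not cur.allow):
            latest[d.device] = d
    allowed = {name for name, d in latest.items() if d.allow}
    denied = {name for name, d in latest.items() if not d.allow}
    return allowed, denied  # a non-empty denied set is the cue to suggest re-keying
```

Because the file syncs like any other file and carries no signature, every field in it can be written by whoever holds the share key, so the result is suited to notifications and prompts, which is the awareness goal the post describes.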