What's the purpose of trusted / untrusted peers in CRDT mode?

Preface: I’m new to this technology and probably don’t have the most accurate mental model. Feel free to pick apart anything I say and show me where my assumptions fail.

I think I want to spin up a cluster where “validator” nodes are “trusted”; once they’ve verified some info, they will pin artifacts to the cluster. I was thinking individual “untrusted” users could still fetch content (and perhaps upload artifacts to the cluster too, but they’d only be pinned by a validator node, once some computation verifies correctness).

However, in the docs, it says:

Non-trusted peers only have access to ID and Version endpoints (returning IPFS and Cluster Peer information).

this seems almost totally useless. Can a non-trusted user interact at all with the cluster?? And if not, does the cluster secret need to be somehow shared privately with every possible node that wants to interact with the cluster? I just don’t see how that could work in practice, outside of very niche applications.

It means non-trusted peers only have access to ID and Version RPC endpoints exposed by other peers.

The secret is always shared. Non-trusted peers are just like other peers except they don’t get to see who is pinning what (that causes work on others), and whatever update they publish is ignored by others. You can still add content and even pin content on them (there is a follower_mode option that can be turned off on their configuration to bypass the “you cannot do this, you are configured as follower” messages).