[OpenAFS-devel] openafs - proposed cache security improvement
Robert Banz
banz@umbc.edu
Fri, 23 Mar 2007 09:58:51 -0400
I know that this would be an "rx" change, but doing something like an
anonymous DH exchange with servers the first time you talk to them
would allow you to create a connection that would be resistant to
this sort of hijacking.
(yes, you'd still be open to a true man-in-the-middle attack; but
that man would have to be there at the beginning of the session.)
On Mar 23, 2007, at 09:36, Jim Rees wrote:
> Before looking at solutions I think it would be a good idea to look
> at the
> requirements. Here are the ones I can think of:
>
> 1. Client must have a secure connection to the server even for what
> are now
> unathenticated connections
>
> 2. Client must be able to authenticate the server
>
> 3. It would be nice if this could be done with Kerberos rather than
> making
> afs depend on something else, like openssl and a public key
> infrastructure
>
> 4. No special configuration required on the client
>
> I think we agree on 1, I'm not sure about 2 but I think it's
> obviously a
> good idea, and we disagree on 3. We agree on 4 but you give it a
> higher
> priority than I do. I'd like to hear other peoples' opinions.
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel