[OpenAFS-devel] openafs - proposed cache security improvement

Robert Banz banz@umbc.edu
Fri, 23 Mar 2007 09:58:51 -0400


I know that this would be an "rx" change, but doing something like an  
anonymous DH exchange with servers the first time you talk to them  
would allow you to create a connection that would be resistant to  
this sort of hijacking.

(yes, you'd still be open to a true man-in-the-middle attack; but  
that man would have to be there at the beginning of the session.)

On Mar 23, 2007, at 09:36, Jim Rees wrote:

> Before looking at solutions I think it would be a good idea to look at the
> requirements.  Here are the ones I can think of:
>
> 1. Client must have a secure connection to the server even for what are now
> unauthenticated connections
>
> 2. Client must be able to authenticate the server
>
> 3. It would be nice if this could be done with Kerberos rather than making
> afs depend on something else, like openssl and a public key infrastructure
>
> 4. No special configuration required on the client
>
> I think we agree on 1, I'm not sure about 2 but I think it's obviously a
> good idea, and we disagree on 3.  We agree on 4 but you give it a higher
> priority than I do.  I'd like to hear other people's opinions.
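
The trade-off described in the reply above (an anonymous DH exchange resists later hijacking but not a man-in-the-middle present at setup), as an added example that is not part of the original thread and is not OpenAFS or Rx code. The toy group, the helper names and the packet layout (8-byte sequence number, payload, HMAC-SHA256 tag) are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Toy group, constructed for this example: 2**127 - 1 is prime but far too
# small for real use; a deployment would use a standardized 2048-bit+ group.
P = 2**127 - 1
G = 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2        # private exponent in [2, P-2]
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    if not 1 < peer_pub < P - 1:               # reject degenerate public values
        raise ValueError("bad public value")
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def seal(key, seq, payload):
    # Assumed packet layout: sequence number || payload || HMAC tag
    msg = seq.to_bytes(8, "big") + payload
    return msg + hmac.new(key, msg, hashlib.sha256).digest()

def open_packet(key, packet):
    msg, tag = packet[:-32], packet[-32:]
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                            # not from the key holder: drop
    return int.from_bytes(msg[:8], "big"), msg[8:]

def late_injection_rejected():
    # Client and server run the anonymous exchange with nobody in the path.
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    k_client = session_key(c_priv, s_pub)
    k_server = session_key(s_priv, c_pub)
    # A party that only saw both public values has no private exponent,
    # so any key it derives from them does not match the session key.
    guess = hashlib.sha256((c_pub * s_pub % P).to_bytes(16, "big")).digest()
    forged = seal(guess, 1, b"forged reply")
    genuine = seal(k_server, 1, b"real reply")
    return open_packet(k_client, forged), open_packet(k_client, genuine)

def mitm_at_setup_undetected():
    # Nothing authenticates the public value, so a party in the path at the
    # first exchange can substitute its own and the client cannot tell.
    c_priv, c_pub = dh_keypair()
    m_priv, m_pub = dh_keypair()
    k_client = session_key(c_priv, m_pub)
    k_middle = session_key(m_priv, c_pub)
    return open_packet(k_client, seal(k_middle, 1, b"any data")) is not None
```

The second function is why requirement 2 in the quoted list (authenticating the server) is not met by an anonymous exchange alone.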