[OpenAFS-devel] openafs - proposed cache security improvement
Robert Banz
banz@umbc.edu
Fri, 23 Mar 2007 10:12:46 -0400
On Mar 23, 2007, at 10:04, Jim Rees wrote:
> Robert Banz wrote:
>
> I know that this would be an "rx" change, but doing something like an
> anonymous DH exchange with servers the first time you talk to them
> would allow you to create a connection that would be resistant to
> this sort of hijacking.
>
> Yes, but if we're going to change something, I think it would be useful for
> the client to authenticate the server. If it doesn't, I don't see that
> we've really improved the situation.

So, you're going to issue client credentials to all of your AFS clients?
A valiant attempt, but I see practicality and management issues. ;)

I think it's a great idea, but the ability to fall back to something
that's "reasonably secure" would be nice. There's also the approach
ssh takes -- the first time you contact the server (ever) we store
the server's "key", and keep it around. If something funky DOES
happen at some point, you'll know somethin's rotten...
-rob
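
Added example, not part of the original message and not OpenAFS code: a sketch of the ssh-style "store the server's key on first contact" check mentioned above. The PinStore class, the pin file name, the server name and the key bytes are all hypothetical, constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile


class PinStore:
    """Trust-on-first-use store mapping a server identity to a key fingerprint."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    @staticmethod
    def fingerprint(public_key: bytes) -> str:
        return hashlib.sha256(public_key).hexdigest()

    def _save(self):
        # Write to a temp file, then rename, so a crash cannot truncate the pins.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as f:
            json.dump(self.pins, f)
        os.replace(tmp, self.path)

    def check(self, server: str, public_key: bytes) -> str:
        fp = self.fingerprint(public_key)
        pinned = self.pins.get(server)
        if pinned is None:
            self.pins[server] = fp
            self._save()
            return "pinned"    # first contact: unauthenticated, key remembered
        if hmac.compare_digest(pinned, fp):
            return "match"     # same key as on first contact
        return "mismatch"      # key changed: refuse, never re-pin automatically


def demo():
    # Constructed sample server name and keys, not real AFS values.
    path = os.path.join(tempfile.mkdtemp(), "afs_server_pins.json")
    first = PinStore(path).check("fs1.example.org", b"constructed-key-A")
    again = PinStore(path).check("fs1.example.org", b"constructed-key-A")
    swapped = PinStore(path).check("fs1.example.org", b"constructed-key-B")
    still = PinStore(path).check("fs1.example.org", b"constructed-key-A")
    return first, again, swapped, still


if __name__ == "__main__":
    print(demo())
```

The first contact is still unauthenticated, so the pin only detects a key that changes after it; a mismatch leaves the stored pin untouched until an administrator replaces it.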