[OpenAFS-devel] openafs - proposed cache security improvement

Robert Banz banz@umbc.edu
Fri, 23 Mar 2007 10:12:46 -0400


On Mar 23, 2007, at 10:04, Jim Rees wrote:

> Robert Banz wrote:
>
>   I know that this would be an "rx" change, but doing something like an
>   anonymous DH exchange with servers the first time you talk to them
>   would allow you to create a connection that would be resistant to
>   this sort of hijacking.
>
> Yes, but if we're going to change something, I think it would be useful for
> the client to authenticate the server.  If it doesn't, I don't see that
> we've really improved the situation.

So, you're going to issue client credentials to all of your AFS clients?

A valiant attempt, but I see practicality and management issues. ;)

I think it's a great idea, but the ability to fall back to something
that's "reasonably secure" would be nice.  There's also the approach
ssh takes -- the first time you contact the server (ever) we store
the server's "key", and keep it around.  If something funky DOES
happen at some point, you'll know somethin's rotten...

-rob
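
The ssh-style approach mentioned in the message above (store the server's key on first contact, compare it on every later contact), as an added example that is not part of the original post and is not OpenAFS or rx code. `PinStore`, the JSON pin file and the server names are hypothetical, and the server key is treated as opaque bytes.

```python
import hashlib
import hmac
import json
import os
import tempfile

NEW, MATCH, MISMATCH = "new", "match", "mismatch"


def fingerprint(server_key: bytes) -> str:
    """SHA-256 fingerprint of the raw key bytes the server presented."""
    return hashlib.sha256(server_key).hexdigest()


class PinStore:
    """Trust-on-first-use store (hypothetical): server name -> key fingerprint."""

    def __init__(self, path: str):
        self.path = path

    def _load(self) -> dict:
        try:
            with open(self.path, "r", encoding="utf-8") as fh:
                return json.load(fh)
        except FileNotFoundError:
            return {}

    def _save(self, pins: dict) -> None:
        # Write to a temp file and rename so a crash cannot truncate the pins.
        directory = os.path.dirname(os.path.abspath(self.path))
        fd, tmp = tempfile.mkstemp(dir=directory)
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(pins, fh, indent=2, sort_keys=True)
        os.replace(tmp, self.path)

    def check(self, server: str, server_key: bytes) -> str:
        pins = self._load()
        seen = fingerprint(server_key)
        pinned = pins.get(server)
        if pinned is None:
            # First contact ever: nothing to compare against, so record it.
            pins[server] = seen
            self._save(pins)
            return NEW
        if hmac.compare_digest(pinned, seen):
            return MATCH
        # Key changed since first contact: keep the old pin and let the
        # caller refuse the connection or alert an operator.
        return MISMATCH
```

A `MISMATCH` result never overwrites the stored pin, so replacing a pin stays an explicit operator action.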