[OpenAFS-devel] Re: openafs - proposed cache security improvement

Sean O'Malley omalleys@msu.edu
Mon, 26 Mar 2007 18:54:49 -0400 (EDT)


On Fri, 23 Mar 2007, Adam Megacz wrote:
>
> This sounds really nice.  One concern, though: how is the user alerted
> to this fact, and how does the user indicate "yes, it's okay to accept
> a new server key" without root access on the client?

I echo this concern. Especially for users of portables. You can
have multiple IP #'s over a couple of different interfaces during the
course of a normal day.

I would also like to see this design being able to be expanded to
cover detached from the network computing. If you are going to use a key,
then you could encrypt cachespace and a token or ticket or something and
possibly reuse a bunch of code.


--------------------------------------
  Sean O'Malley, Information Technologist
  Michigan State University
-------------------------------------