[OpenAFS-devel] openafs - proposed cache security improvement

Jeffrey Hutzelman jhutz@cmu.edu
Tue, 27 Mar 2007 22:59:34 -0400


On Friday, March 23, 2007 10:21:48 AM -0400 Jeffrey Altman 
<jaltman@secure-endpoints.com> wrote:

> Jim Rees wrote:
>> Before looking at solutions I think it would be a good idea to look at
>> the requirements.
>
> The group that developed the rxgk proposal spent a long time looking at
> the security requirements for AFS.
>
>   http://www.afsig.se/afsig/space/rxgk-hackathon-2007/outline-rxgk.pdf
>
> I'm posting the document instead of transcribing the text because the
> contents are color coded to indicate what can be fixed and what cannot be.
>
> The rest of the rxgk content can be obtained from
>
>   http://www.afsig.se/afsig/space/rxgk-hackathon-2007


Incidentally, the particular problem Marcus posits here is one we 
considered, and for which rxgk has an obvious solution in the form of its 
combine-tokens operation.  I do not think it would be appropriate at this 
point in time to attempt to add this functionality to rxkad.

-- Jeff