[AFS3-std] rxgk specification
Simon Wilkinson
simon@sxw.org.uk
Fri, 18 Sep 2009 20:06:44 +0100
On 18 Sep 2009, at 19:41, Chaskiel Grundman wrote:
> 1) Should the token format be a part of the formal spec? Only
> servers sharing service keys need to agree on it.

It's not clear to me where the token format belongs. If we're doing
shared service keys for the AFS implementation of rxgk, then it
definitely needs to be spec'd in the document describing the
application of rxgk to AFS. However, there are other elements of the
token format whose behaviour needs to be specified (for instance, the
behaviour with CombineTokens, how the various lifetimes interact,
etc). Those seem more appropriate in this document than in an
application-specific one.

One possibility might be to define certain minimum attributes of the
token format (enctype, K0, at least) and then have an opaque blob
which is application-specific.

> 2) what's nametag for?

That's from the Arla implementation. I think I failed to document it
because I was hoping Love would answer that question - Arla's rxgk
implementation is the only place that I can see that mentions it.

> 3) > ... The use of Tn to establish an rxgk security class if it
> can ...
> class seems wrong here...

How about "The client can only make use of Tn if it can derive Kn"?

One security concern of mine is that an attacker can happily combine
tokens sniffed from the wire using the interface described here. They
won't be able to use the combined tokens for anything, but they can
make the server do the work.

Thanks for your comments!

Simon.