[AFS3-std] rxgk: client determined security level

Jeffrey Hutzelman jhutz@cmu.edu
Mon, 26 Sep 2011 22:40:58 -0400


On Fri, 2011-03-11 at 15:59 +0000, Simon Wilkinson wrote:
> Currently rxgk sets the security level of a connection to that
>  determined at token establishment time between the client and the
>  negotiation service. There is no option for the client to select a
>  higher level of protection for a particular connection. I'm intending
>  on modifying the format of the rxgk authenticator (included, in
>  encrypted form, as part of the response in the RX security handshake)
>  so that it can include an afs_int32 "level" field. This level field
>  will indicate the security level to be used for that connection. It is
>  an error if the level is lower than that originally negotiated.
> 
> Comments?

6 months later...

There's no provision for the client to select something different for a
particular connection because it can't.  The Rx protocol requires that
the client construct and send its first message before receiving any
information from the server.  There is no way for the client to know
whether the server supports a higher level of protection, or will permit
it.  This is why we pushed all negotiation into the token establishment
exchange.

Further, by fixing the protection level at token establishment time and
recording the negotiated level in the private part of the token, you can
potentially avoid a downgrade attack that would otherwise be possible
when a client wishes to use a higher level of protection.

I know this is late, but my preference is to keep negotiation in the
token establishment phase.

-- Jeff
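
The check discussed in this thread, as an added example that is not part of the original message and is not rxgk code: a simplified model of a server that takes the protection level from the integrity-protected token and rejects any per-connection level below it. The level numbering, the function names, the token layout, and the use of HMAC-SHA256 in place of the token's encryption under the server key are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Assumed level numbering for this model: higher means stronger protection.
CLEAR, AUTH, CRYPT = 0, 1, 2
TAG_LEN = hashlib.sha256().digest_size


def mint_token(server_key, identity, level):
    """Negotiation service: bind the negotiated level into the token.

    The HMAC tag models the token's private part being unreadable and
    unmodifiable by anyone who lacks the server key.
    """
    body = struct.pack("!i", level) + identity
    return body + hmac.new(server_key, body, hashlib.sha256).digest()


def open_token(server_key, token):
    """Server: verify the token and return the level recorded in it."""
    body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    expected = hmac.new(server_key, body, hashlib.sha256).digest()
    if len(body) < 4 or not hmac.compare_digest(tag, expected):
        raise ValueError("token failed integrity check")
    return struct.unpack("!i", body[:4])[0]


def accept_connection(server_key, token, requested_level=None):
    """Return the level the connection will use, or raise ValueError.

    requested_level models the per-connection "level" field proposed in
    the quoted message; None models the level being fixed by the token.
    """
    negotiated = open_token(server_key, token)
    if requested_level is None:
        return negotiated
    if requested_level < negotiated:
        raise ValueError("requested level is lower than negotiated level")
    return requested_level


if __name__ == "__main__":
    key = b"constructed-server-key"          # constructed sample value
    tok = mint_token(key, b"user@EXAMPLE", AUTH)
    print(accept_connection(key, tok), accept_connection(key, tok, CRYPT))
```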