[AFS3-std] Re: afs3-rxgk-updates for 03
Andrew Deason
adeason@sinenomine.net
Tue, 6 Nov 2012 18:41:48 -0600
On Fri, 2 Nov 2012 18:15:40 -0400 (EDT)
Benjamin Kaduk <kaduk@MIT.EDU> wrote:
> Good point. I've got in my local copy:
> SHOULD only offer the CombineTokens operation to clients connecting
> - over an rxgk secured connection.</t>
> + over an rxgk secured connection, with an RXGK_Level of RXGK_LEVEL_AUTH
> + or higher.</t>
>
> I'm wavering on higher vs. better (or something else).
While I don't find this terribly important, we might just want to say to
accept anything except CLEAR for now, and specify why (avoid DoS via a
hijacked connection, though interception of data is fine).
I would have thought that a BIND connection could possibly allow
hijacking while still providing other security requirements (like
CLEAR). That would mean a BIND connection may or may not be allowable
here, depending on the underlying layer, which is why the reason for the
level requirement should perhaps be mentioned.
--
Andrew Deason
adeason@sinenomine.net