[AFS3-std] Re: rxgk token: encrypted blob or not
Andrew Deason
adeason@sinenomine.net
Tue, 6 Nov 2012 19:31:57 -0600
On Wed, 31 Oct 2012 19:50:17 -0400 (EDT)
Benjamin Kaduk <kaduk@MIT.EDU> wrote:
> > However, I don't think it's difficult to generalize this a bit more.
> > My off-hand guess at some text:
> >
> > "... It is assumed that such applications will conceptually 'encrypt' a
> > token by somehow associating the 'encrypted' token with the associated
> > unencrypted data, and will 'decrypt' an encrypted token by looking up
> > that association to find the unencrypted data."
> >
> > But I don't think it is worth spending much time on this; this seems
> > very unlikely to result in any practical issues.
>
> Fair enough.
>
> Where should we mention the RXGK_SERVER_ENC_TOKEN key usage?
> It doesn't really seem right to bump it to rxgk-afs...

The text you pushed to github seems fine (which still has
RXGK_SERVER_ENC_TOKEN right there for encrypted blobs). However, it
says:

    If the token is an encrypted blob, it should be encrypted using
    the key usage RXGK_SERVER_ENC_TOKEN.

Should that be a SHOULD?

--
Andrew Deason
adeason@sinenomine.net