[AFS3-std] Re: rxgk-afs SetCallBackKey: one token or two?

Matt W. Benjamin matt@linuxbox.com
Wed, 13 Feb 2013 10:38:56 -0500 (EST)


Hi Andrew,

I wonder what the YFS implementation does.

Matt
----- "Andrew Deason" <adeason@sinenomine.net> wrote:

> On Tue, 12 Feb 2013 20:04:37 -0500
> Jeffrey Hutzelman <jhutz@cmu.edu> wrote:
> 
> > Except the cache manager isn't a cell, and its clients don't have the
> > same sorts of identities that an AFS cell's clients have.  So the
> > format of its tokens is opaque, like those of any other rxgk service,
> > does not need to be standardized, and likely does not look like the
> > tokens that rxgk-afs uses.  Thus, the notion of "per-cell key" doesn't
> > apply -- it's just the CM's key, period.
> 
> To be clear, I meant it's analogous to the per-cell key in the normal
> "client as an rxgk client" interaction. I didn't mean it's actually
> shared in the cell; it is private to the CM. You may already know that;
> just making sure we're on the same page.
> 
> Okay, but what is the 'token' that the fileserver uses to initialize the
> callback connection? The given definition for SetCallBackKey just says
> we provide an RXGK_Token. That is not opaque, since the fileserver needs
> to extract the K0 to encrypt the authenticator for an RXGK_Response. We
> cannot provide the plain RXGK_Token in the RXGK_Response 'token', since
> it's transmitted in the clear, right? And it contains K0.
> 
> So, according to the description above, it still seems like there are
> two pieces of information that need to be transmitted: the key (K0), and
> a token opaque to the fileserver. Right now we don't seem to have that.
> 
> This kind of thing is why it sounds like the callback channel is a
> separate rxgk-using service to me (with its own tokens), which is not
> required for rxgk use pre-XCB. Which is why I have been suggesting it
> could really be a separate draft, and we wouldn't have to worry about it
> for now to get basic rxgk functionality through.

-- 
Matt Benjamin
The Linux Box
206 South Fifth Ave. Suite 150
Ann Arbor, MI  48104

http://linuxbox.com

tel.  734-761-4689 
fax.  734-769-8938 
cel.  734-216-5309
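
Added example (not part of the original message, and not code from the rxgk drafts, OpenAFS or YFS): a sketch of the two-piece arrangement the quoted text asks for, where the fileserver receives K0 plus a token only the cache manager can open, so the token sent in the clear in the response does not expose K0. All function names are hypothetical, the HMAC-based cipher is a toy stand-in for a real rxgk enctype, the authenticator is reduced to a single challenge value, and K0 and the token are assumed to reach the fileserver over a protected channel.

```python
import hashlib, hmac, os

def _sub(key, label):
    # Derive separate encryption and MAC subkeys from one key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, data):
    # Toy encrypt-then-MAC; a stand-in for a real rxgk enctype, not for production.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(_sub(key, b"enc"), nonce, len(data))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("token or authenticator failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

def cm_make_callback_key(cm_key):
    # Cache manager: choose K0 and wrap it under a key private to the CM.
    k0 = os.urandom(32)
    return k0, seal(cm_key, k0)  # (K0, opaque token): the two pieces sent to the fileserver

def fs_build_response(k0, opaque_token, challenge):
    # Fileserver: the token is sent in the clear; the authenticator is encrypted under K0.
    return {"token": opaque_token, "authenticator": seal(k0, challenge)}

def cm_verify_response(cm_key, response, challenge):
    # Cache manager: recover K0 from its own token, then check the authenticator.
    k0 = unseal(cm_key, response["token"])
    return hmac.compare_digest(unseal(k0, response["authenticator"]), challenge)

if __name__ == "__main__":
    cm_key = os.urandom(32)  # constructed sample key
    k0, token = cm_make_callback_key(cm_key)
    resp = fs_build_response(k0, token, b"constructed-challenge")
    print("K0 visible in clear-text token:", k0 in resp["token"])
    print("CM accepts response:", cm_verify_response(cm_key, resp, b"constructed-challenge"))
```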