[AFS3-std] file servers, uuids, and GSS identities

[Benjamin Kaduk]

On Thu, 14 Feb 2013, Simon Wilkinson wrote:

>
> On 14 Feb 2013, at 22:15, Benjamin Kaduk wrote:
>> jhutz notes that in order to go from the nonce returned by VL_RegisterAddrsAndKey to an actual key, the caller of the RPC needs to perform PRF+ with the master key (K0) of the token of the connection and the two nonces.  The other uses of PRF+ are in key derivation for packet processing and for token combination; the key itself need not be exposed to security object consumers otherwise.  Using a separate utility to register a new fileserver and key would preserver this property, which is probably useful.
>
>
> I'm not sure how it being a separate utility, versus the fileserver, 
> helps you here. Whatever happens, the rxgk library needs to provide 
> either a means of getting K0 for a particular connection, or of 
> performing the a PRF+ operation using a particular set of inputs against 
> a connection's key. Changing the caller from a bit of the fileserver, to 
> a standalone utility doesn't change the need to export that information.

I could imagine a utility whose source lived in src/rxgk and linked 
against internal object files and not the library; the relevant symbols 
need not be exported from the library in that case.

Probably not worth worrying about the details too much at this point, 
though.

-Ben