[AFS3-std] rxgk-afs: moving SetCallBackKey to a separate
document?
Michael Meffie
mmeffie@sinenomine.net
Fri, 1 Mar 2013 14:59:19 -0500
On Thu, 28 Feb 2013 14:57:00 -0500
Benjamin Kaduk <kaduk@MIT.EDU> wrote:
> Hi all,
>
> From the previous discussions here, it really feels like section 10
> ("Securing the Callback Channel") of this document is not nearly as
> polished as the rest of the document. That is, the current spec could not
> possibly result in a working system.
>
> Furthermore, the section is really describing a generic RPC and keying
> system, with only a paragraph or two that are specific to rxgk operation.
> We have several statements that begin "in rxgk's case, [...]" which makes
> the section feel like a grafted-on afterthought.
>
> rxgk's operation does not depend on SetCallBackKey, nor on extended
> callbacks in general; on the contrary, extended callbacks depend on the
> ability to set a callback key for a secure channel, and such a secure
> callback channel is probably easier to impelement once rxgk is in place
> than otherwise.
>
>
> Does anyone feel strongly that SetCallBackKey should remain in this
> document? I can probably take responsibility for writing the separate
> document which would describe a SetCallBackKey RPC, if we do not just put
> that behavior in the XCB document itself.
My impression is SetCallBackKey and the related topics could be part of a
Extended Callback document, because of the security considerations of extended
callbacks. If I understand, there is a not a case for securing callback
channels with the current callback RPCs since no information is leaked with the
current callback RPCs.
Best regards,
Mike
--
Michael Meffie <mmeffie@sinenomine.net>