[AFS3-std] Thoughts on SetCallBackKey and token format

[Benjamin Kaduk]

On Mon, 3 Feb 2014, Simon Wilkinson wrote:

>
> On 3 Feb 2014, at 22:24, Benjamin Kaduk <kaduk@mit.edu> wrote:
>
>> * In order to have secure callbacks work properly, we need to know which identity (if any!) from the user's token was the cache manager token.
>
> You also want to be able to handle single identity tokens - such as 
> those from single user machines, or from single user tools such as 
> libafscp. You can do this by just using the user's identity as the cache 
> manager identity in these situations. It is up to the cache manager to 
> then deal with any poisoning attacks that this might open up.

There's nothing stopping an application from passing the same token as 
both arguments to AFSCombineTokens, yes.

We've had text in this document noting that "the cache manager token
discussed earlier [is] required in order for a client to accept
secure callbacks" since the -00, and I haven't convinced myself that that 
constraint can be relaxed.

-Ben