[AFS3-std] Thoughts on SetCallBackKey and token format
Benjamin Kaduk
kaduk@MIT.EDU
Mon, 3 Feb 2014 19:27:24 -0500 (EST)
On Mon, 3 Feb 2014, Simon Wilkinson wrote:
>
> On 3 Feb 2014, at 22:24, Benjamin Kaduk <kaduk@mit.edu> wrote:
>
>> * In order to have secure callbacks work properly, we need to know which identity (if any!) from the user's token was the cache manager token.
>
> You also want to be able to handle single identity tokens - such as
> those from single user machines, or from single user tools such as
> libafscp. You can do this by just using the user's identity as the cache
> manager identity in these situations. It is up to the cache manager to
> then deal with any poisoning attacks that this might open up.
There's nothing stopping an application from passing the same token as
both arguments to AFSCombineTokens, yes.
We've had text in this document noting that "the cache manager token
discussed earlier [is] required in order for a client to accept
secure callbacks" since the -00, and I haven't convinced myself that that
constraint can be relaxed.
-Ben