[OpenAFS-devel] Progress on Linux in-kernel RxRPC library

Kyle Moffett mrmacman_g4@mac.com
Tue, 22 Mar 2005 21:11:55 -0500


On Mar 22, 2005, at 20:58, Jeffrey Hutzelman wrote:

> That works.  In fact, at the sockets layer I guess I really
> don't care whether the default is to share connections or
> not, as long as the application has the choice.

Not sharing connections by default would tend to reduce the
number of "doh!" security problems considerably, and would
also match the current not-SO_REUSEADDR and not-SO_REUSEPORT
defaults, so I'm inclined to go in that direction.

> True, but if you look at existing APIs for things like Rx,
> Kerberos, and GSSAPI, an initiator always gets to provide
> specific credentials to be used, with the ticket file or
> keyring or whatever being used as a fallback if it chooses
> not to do so.  Applications are generally encouraged to use
> the default behaviour when possible, but there will always
> be exceptions.
>
> It would even be reasonable, I think, to do a keyring
> search by default and do something else only if the caller
> explicitly requests particular credentials.
>
> I would also suggest a separate option to be used to
> express a preference for the type of credentials to be used.
> At the moment the choices would presumably be { rxnull,
> Kerberos, ANY, ANY-except-null }, with ANY being the
> default.  In particular, it's useful to be able to make a
> call without authentication even if there are credentials
> available, and it's fairly important to be able to require
> an authenticated connection, with an error if no
> credentials are available.

Actually, I was thinking that the default should be null
encryption/authentication, and if the developer wants, they
should specify credentials and a preference array or bitmask
describing what's acceptable.  That would allow the use of
acrypto in the Linux kernel to accelerate many or all of the
crypto ops in hardware.

>> Maybe in a couple weeks or so I'll have a patch for you
>> to look at.
>
> OK.  And maybe some more API details, as they become available?

Absolutely.  No point in keeping anybody in the dark :-D

Cheers,
Kyle Moffett
