[OpenAFS-devel] Re: openafs - proposed cache security improvement

Jim Rees rees@umich.edu
Fri, 23 Mar 2007 15:16:57 -0500


Adam Megacz wrote:

  I don't think anybody is suggesting reliance on public-key
  *infrastructure*.

All I mean by "infrastructure" is that the client needs some way of knowing
that the public key the server hands it is correct.  There are several
possibilities:

1. The Verisign way, with CRLs, CAs, etc. Ugh. I don't think anyone wants
this.

2. Server key is provided along with the client software, possibly as part
of CellServDB (the Marcus way).

3. Server key is provided by secure DNS (pigs will fly first, I predict).

4. The ssh way: client remembers the key, complains if it changes

In particular, I would object to having the server simply provide the key to
the client at startup time with no further checks.

I'm also not happy about making afs depend on openssl, but it looks like I'm
in a minority here so if the rest of you are happy with this I will withdraw
my objection.
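Options 2 and 4 above (a key pinned in configuration shipped with the client, and the ssh way of remembering a key on first contact and complaining when it changes) are both forms of client-side key pinning. The following is an added example, not OpenAFS code and not something from this thread, that sketches a client-side check combining both: a pin file distributed with the client is consulted first, otherwise the key is remembered on first use, and any later key that differs is rejected. The `cell sha256hex` pin-file format, the cell names and the key blobs are all constructed for the example; real CellServDB has no such field.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample key blobs standing in for the public keys that cell
# servers would hand to a client. Only their bytes matter for fingerprinting.
KEY_A = b"constructed-public-key-for-cell-A"
KEY_B = b"constructed-public-key-for-cell-B"
KEY_ROGUE = b"constructed-public-key-from-an-impostor"


def fingerprint(pubkey: bytes) -> str:
    """Hex SHA-256 of the raw key bytes; this is what gets stored and compared."""
    return hashlib.sha256(pubkey).hexdigest()


class KeyMismatch(Exception):
    """The key offered for a cell does not match the pinned or remembered one."""


def load_pins(text: str) -> dict:
    """Parse a hypothetical 'cell sha256hex' pin file distributed with the
    client (option 2 in the mail). Blank lines and '#' comments are ignored."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        cell, fp = line.split()
        pins[cell] = fp.lower()
    return pins


@dataclass
class KnownKeys:
    pinned: dict = field(default_factory=dict)   # shipped with the client
    learned: dict = field(default_factory=dict)  # remembered on first use
    tofu: bool = True   # False: refuse any cell that has no pinned key

    def check(self, cell: str, offered: bytes) -> str:
        """Decide whether to accept the key a server just presented.

        Returns "pinned", "known" or "learned"; raises KeyMismatch when the
        key differs from what we already trust, or when the cell is unknown
        and trust-on-first-use is disabled.
        """
        fp = fingerprint(offered)
        if cell in self.pinned:
            if self.pinned[cell] == fp:
                return "pinned"
            raise KeyMismatch(f"{cell}: key differs from pinned fingerprint")
        if cell in self.learned:
            if self.learned[cell] == fp:
                return "known"
            raise KeyMismatch(f"{cell}: key changed since first contact")
        if not self.tofu:
            raise KeyMismatch(f"{cell}: no pinned key and trust-on-first-use disabled")
        self.learned[cell] = fp  # first contact: remember it, ssh-style (option 4)
        return "learned"

    def dump_learned(self) -> str:
        """Serialise remembered keys in the same 'cell sha256hex' format so the
        client can persist them, as ssh does with known_hosts."""
        return "".join(f"{c} {fp}\n" for c, fp in sorted(self.learned.items()))


def demo() -> list:
    """Walk through the situations the check distinguishes; return the outcomes."""
    pins = load_pins(f"# constructed pin file\ncell-a.example {fingerprint(KEY_A)}\n")
    store = KnownKeys(pinned=pins)
    out = [store.check("cell-a.example", KEY_A)]      # pinned key, matches
    out.append(store.check("cell-b.example", KEY_B))  # unknown cell: learned
    out.append(store.check("cell-b.example", KEY_B))  # same key again: known
    # An impostor offering a different key for either cell must be refused.
    for cell, key in (("cell-a.example", KEY_ROGUE), ("cell-b.example", KEY_ROGUE)):
        try:
            store.check(cell, key)
            out.append("accepted")
        except KeyMismatch:
            out.append("rejected")
    return out


if __name__ == "__main__":
    print(demo())  # ['pinned', 'learned', 'known', 'rejected', 'rejected']
```

The "no further checks" design the mail objects to corresponds to never consulting `pinned` or `learned` at all: every offered key would be accepted, so an impostor's key would go through. With `tofu=False` the store becomes a pure option-2 client that refuses any cell not present in the shipped pin file; with `tofu=True` and an empty pin file it behaves like ssh.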