[OpenAFS-devel] Re: openafs - proposed cache security improvement
Sean O'Malley
omalleys@msu.edu
Mon, 26 Mar 2007 18:54:49 -0400 (EDT)
On Fri, 23 Mar 2007, Adam Megacz wrote:
>
> This sounds really nice. One concern, though: how is the user alerted
> to this fact, and how does the user indicate "yes, it's okay to accept
> a new server key" without root access on the client?
I echo this concern. Especially for users of portables. You can
have multiple IP #'s over a couple of different interfaces during the
course of a normal day.
I would also like to see this design being able to be expanded to
cover detached from the network computing. If you are going to use a key,
then you could encrypt cachespace and a token or ticket or something and
possibly reuse a bunch of code.
--------------------------------------
Sean O'Malley, Information Technologist
Michigan State University
-------------------------------------