[OpenAFS-devel] openafs - proposed cache security improvement
Jeffrey Hutzelman
jhutz@cmu.edu
Tue, 27 Mar 2007 22:59:34 -0400
On Friday, March 23, 2007 10:21:48 AM -0400 Jeffrey Altman
<jaltman@secure-endpoints.com> wrote:
> Jim Rees wrote:
>> Before looking at solutions I think it would be a good idea to look at
>> the requirements.
>
> The group that developed the rxgk proposal spent a long time looking at
> the security requirements for AFS.
>
> http://www.afsig.se/afsig/space/rxgk-hackathon-2007/outline-rxgk.pdf
>
> I'm posting the document instead of transcribing the text because the
> contents are color coded to indicate what can be fixed and what cannot be.
>
> The rest of the rxgk content can be obtained from
>
> http://www.afsig.se/afsig/space/rxgk-hackathon-2007
Incidentally, the particular problem Marcus posits here is one we
considered, and for which rxgk has an obvious solution in the form of its
combine-tokens operation. I do not think it would be appropriate at this
point in time to attempt to add this functionality to rxkad.
-- Jeff