[OpenAFS-devel] encrypting server-to-server traffic by default?

Benjamin Kaduk kaduk@MIT.EDU
Wed, 4 Feb 2015 17:33:49 -0500 (EST)


Hi all,

In the leadup to 1.8, there's been some talk about encrypting
server-to-server traffic by default; gerrit 11349 for VolForward traffic
has been sitting around for a while, but viced traffic to the dbservers
could also get encrypted, and the ubik traffic as well.

This would of course need to be configurable for sites which are not
willing to pay the performance penalty.  It seems like we may not need or
want to introduce individual knobs for each place where afsconf_ClientAuth
is used, and could instead have a single knob for the everything that
lives under the afsconf abstraction.

Keeping it under the afsconf abstraction would give us a lot of
flexibility in implementation, and also a convenient place to put a knob
for using rxgk for client connections as well.

At the moment, I'm thinking about a flat text file with key/value pairs.
(Well, just one to start.)  Does that seem reasonable?  (Any ideas for
what to name it?)

Thoughts about whether we should encrypt server-to-server traffic by
default are also welcome, including suggesting that discussion move to
-info.

-Ben