[OpenAFS] data encryption

Jeffrey Hutzelman jhutz@cmu.edu
Thu, 4 Jan 2001 14:22:34 -0500 (EST)

On Thu, 4 Jan 2001, Jim Rees wrote:

> NFS v4 uses gss for authentication and encryption.  I suspect that's
> overkill for afs, but it has some nice features.  For example, the OpenBSD
> client will eventually use the OpenBSD kernel crypt library, and that means
> a choice of algorithms, as well as hardware acceleration where it's
> available.

Actually, I don't think it's overkill at all.  In fact, my current plan
for rxkad v3 is to use GSSAPI, for some of the same reasons.  However,
we'll only use GSSAPI for authentication and key exchange, and handle
encryption of AFS traffic independently.  Anything else would require
significant chunks of GSSAPI code, including krb5 and whatever other
mechanisms you want, to be in the kernel.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA