[OpenAFS] Some questions about the future of OpenAFS

[Derrick J Brashear]

On Mon, 29 Apr 2002, Douglas E. Engert wrote:

> Yes. Its the same old K4 token. 
> 
> But this can now allow for the development of changes to the tokens independently
> of the authentication method. i.e. maybe a token2 could be defined which 
> used a 3des or AES key, yet was still simple and small like the current tokens.
> 
> Its a first step in an evolutionary process to improve AFS security.

(Speaking for myself only) the only improvement I see in this is you don't
need any kerberos. You'll have no trouble convincing me that people are
turned off by the complexity of Kerberos (never mind that the kaserver,
while it has its problems, is incredibly simple to configure and
administer) but from where I'm sitting you lost that battle as soon as you
mentioned X509

-D