[OpenAFS] (no subject)

[Jim Rees]

Depending on obscure file names for access control seems like a bad idea to
me, especially when there are other mechanisms available.

Implementing unreadable directories would require a major protocol change,
because lookups would have to be done on the server instead of on the
client.  This is how nfs works.  Instead of caching whole directories, the
client would have to cache directory entries.  The protocol would become
much chattier.

Per-file permissions based on the mode bits might make sense, and it's
obviously possible if mrafs does it.  I think I would do it on a per-volume
basis, which would be much easier than per-user.