[OpenAFS] my afs wish list

Marcus Watts mdw@umich.edu
Mon, 28 Apr 2003 23:30:08 -0400


Derrick J Brashear <shadow@dementia.org> writes:
	> From: Derrick J Brashear <shadow@dementia.org>
	> To: openafs-info@openafs.org
	> Message-ID: <Pine.LNX.4.53.0304282243530.3614@scully.trafford.dementia.org>
	> 
	> Mitch's comment about telling Spinnaker what AFS sites might want from
	> their product prompts me to tell you (all) what I want from ours.
	> 
********> -Multiple encryption types. For real, not just jury-rigged into rxkad.
	> -Large file support. We actually got there, and had to back it out because
	> of some problems. There's hope...
	> -IPv6 support
	> 
	> And then we get to some of the more intangibles:
********> -Better krb5 integration. I'm not sure what I mean by this, exactly.
	> -Serious Linux client cleanup. kernel vnodes should be untied from the
	> vcache and linked instead. start using general kernel interfaces where
	> available or possible instead of our own stuff.
	> -Reworking or replacement of the volume package (the contents of src/vol)
	> -Reworking or replacement of the namei fileserver.
	> 
	> And incidentally, since I've been prodded, perhaps Mitch meant Mike Kazar,
	> who I forgot about.

I don't know what Derrick means by "better krb5" integration, but
I know what I want to see there -- I want to see 128-bit K5 AES
useable for the encryption.

The first step is to get it standardized.  To that end, I played around
with cast5 & rc6 in K5, and went on to participate in the working
group, where I'd at least like to think I helped prod things along (or
at least I'd hate to think I slowed it down).

The next step is to actually make rx & rxkad talk AES.  There's a
couple of issues here.  A nice practical low-level problem is figuring
out how to deal with block size issues, and a related issue is to think
really hard about checksums, confounders, and all that.  (K5 AES will
do "CTS", which means the block size issue isn't actually as bad as it
sounds).  After that, it's mainly a matter of figuring out how to hook
it into the protocol & all without doing too much violence to the whole
thing.  This is definitely something I want to see happen, and it's
something I plan to spend time on this summer (assuming somebody
doesn't beat me to it.)

				-Marcus Watts
				UM ITCS Umich Systems Group
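
An added example, not part of the original post and not OpenAFS or rxkad code: the parenthetical about "CTS" above, shown as AES-128-CBC with ciphertext stealing (last two blocks swapped), built on Go's standard crypto/aes. The names ctsEncrypt and ctsDecrypt, the all-zero key and IV, and the sample payload are constructed for illustration; the confounder and checksum questions the post raises are left out, so this shows only why a payload that is not a multiple of the block size needs no padding.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

const bs = aes.BlockSize

// ctsEncrypt does AES-CBC with ciphertext stealing, swapping the last two
// blocks. The output is exactly len(pt) bytes; it needs len(pt) > bs.
func ctsEncrypt(key, iv, pt []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil || len(pt) <= bs {
		return nil, fmt.Errorf("need a valid AES key and more than %d bytes", bs)
	}
	n, m := len(pt), (len(pt)+bs-1)/bs
	buf := make([]byte, m*bs) // zero-padded copy of pt
	copy(buf, pt)
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(buf, buf)
	out := append(append([]byte{}, buf[:(m-2)*bs]...), buf[(m-1)*bs:]...) // ..., C_m
	return append(out, buf[(m-2)*bs:n-bs]...), nil // C_{m-1}, cut to the tail length
}

// ctsDecrypt rebuilds the ordinary CBC ciphertext, decrypts it, and trims.
func ctsDecrypt(key, iv, ct []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil || len(ct) <= bs {
		return nil, fmt.Errorf("need a valid AES key and more than %d bytes", bs)
	}
	n, m := len(ct), (len(ct)+bs-1)/bs
	head, d := (m-2)*bs, n-(m-1)*bs
	x := make([]byte, bs)
	blk.Decrypt(x, ct[head:head+bs]) // x = zero-padded P_m XOR C_{m-1}
	buf := append(append([]byte{}, ct[:head]...), ct[head+bs:]...) // d sent bytes of C_{m-1}
	buf = append(buf, x[d:]...)            // rest of C_{m-1}, recovered from x
	buf = append(buf, ct[head:head+bs]...) // C_m
	cipher.NewCBCDecrypter(blk, iv).CryptBlocks(buf, buf)
	return buf[:n], nil
}

func main() {
	key, iv := make([]byte, 16), make([]byte, bs) // constructed all-zero key and IV
	msg := []byte("constructed payload, not a block multiple")
	ct, _ := ctsEncrypt(key, iv, msg)
	pt, err := ctsDecrypt(key, iv, ct)
	fmt.Println(len(msg), len(ct), string(pt), err)
}
```

CTS by itself provides no integrity protection, which is why the checksum and confounder design still has to be worked out separately.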