[OpenAFS] my afs wish list

Derrick J Brashear shadow@dementia.org
Mon, 28 Apr 2003 23:42:55 -0400 (EDT)


On Mon, 28 Apr 2003, Marcus Watts wrote:

> Well, I'm certainly not wedded to rxkad per se.  One of the nice
> things about rx is that it does have hooks for other schemes.
>
> But rxkad looks a lot cleaner to me than a lot of rx has gotten.
> There's a whole messy piece of rx that's devoted to trying to "solve"
> the mtu problem, which it can't because (a) it doesn't get icmp
> "don't frag" errors, and (b) it deals with "packets" not "bytes"
> so the windowing unit is inherently flawed.

But the problem is the concept of rxkad "levels" loses meaning if you try
to extend them. Like, a mechanism that provides stronger integrity than
what we have now, but no encryption, will necessarily be a higher level
than rxkad_crypt. How do you do ordering? How do you do a minimum?

For that matter, how do you do the security exchange?