[OpenAFS] my afs wish list

Derrick J Brashear shadow@dementia.org
Tue, 29 Apr 2003 16:12:15 -0400 (EDT)


On Tue, 29 Apr 2003, Marcus Watts wrote:

> > But the problem is the concept of rxkad "levels" loses meaning if you try
> > to extend them. Like, a mechanism that provides stronger integrity than
> > what we have now, but no encryption, will necessarily be a higher level
> > than rxkad_crypt. How do you do ordering? How do you do a minimum?
> >
> > For that matter, how do you do the security exchange?
>
> Seems to me that rxkad "levels" are orthogonal to encryption type.  I

clear, auth and crypt. sure. but how do you deal with "type", then, and be
backward compatible?

> think they're a nice idea, and that it doesn't hurt to support having
> authentication and integrity checking without necessarily paying the
> overhead for privacy too.


> I don't think I'd want to confuse this at all with encryption type.
> Doing the security exchange seems simple.  I'd let the KDC deal with
> it.  If client code gets a KDC ticket that has an AES session key in
> it, then it should do AES.  If client code sees a KDC ticket that has

See earlier discussion about session versus derived keys.

> protocol, and deciding it made more sense to just replace rxkad.  Since
> then I see some people have had luck teaching rxkad about k5, which

which people are those?

> thing that stopped me was what to name a replacement.  "rxkad" has a
> nice ring to it.  "rxrc6" or "rxaes" or "rxk5ad" don't seem nearly as

"rxis" or "rxes" would be pronounced "Rexis", what it stands for is an
exercise for the reader.

> pronounceable to me.  Ok, so this is a silly thing to worry about.

> (granted, a *big* pain -- would be nice to see shared libraries
> come out of this too.)

Other than the ones we have (which could be better supported)?