[OpenAFS] my afs wish list

Love lha@stacken.kth.se
Tue, 29 Apr 2003 23:10:58 +0200


Marcus Watts <mdw@umich.edu> writes:

> Like I said, I'm not wedded to rxkad.  I remember originally thinking
> that the blocksize / DES logic looked pretty tightly wedded to the
> protocol, and deciding it made more sense to just replace rxkad.  Since
> then I see some people have had luck teaching rxkad about k5, which
> makes using rxkad more tempting, but not necessarily practical.  So I
> don't see a problem with just "replacing it".  Actually, the biggest
> thing that stopped me was what to name a replacement.  "rxkad" has a
> nice ring to it.  "rxrc6" or "rxaes" or "rxk5ad" don't seem nearly as
> pronounceable to me.  Ok, so this is a silly thing to worry about.

The reason I started on writing a new rx security layer != rxkad is that I
wanted more functionality than it was reasonable to cram into rxkad.

That included, among others, rekeying, using different keys per connection,
key neg, different keys per service.

Using plain kerberos 5 in rxkad doesn't work since krb5 messages are/can be
too large.

If you want an rxkad-like rx security layer that can do different keys per
connection and solves the kerberos msg too large, but doesn't do that other
stuff, I can try to clean it up.

Love