[OpenAFS] my afs wish list
Charles Clancy
security@xauth.net
Tue, 29 Apr 2003 17:46:19 -0500 (CDT)
On Mon, 28 Apr 2003, Derrick J Brashear wrote:
> -Multiple encryption types. For real, not just jury-rigged into rxkad.
> ...
> -Better krb5 integration. I'm not sure what I mean by this, exactly.
Any thought to switching over to a pure GSS implementation? Not only use
it for authentication (i.e. gssklog), but also for end-to-end encryption
too. Then the ciphers used would be a function of the underlying security
architecture, and completely independent of AFS.
The cool thing is that you could use something like SESAME instead of
Kerberos. For that matter, you could even use SSL and authenticate with
certificates. I don't even want to think about the amount of work
required, but would such flexibility be useful?
[ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]
[ crypto ]---[ coordinated science lab ]---[ university of illinois ]