[OpenAFS] my afs wish list

Marcus Watts mdw@umich.edu
Tue, 29 Apr 2003 19:26:14 -0400


Charles Clancy <security@xauth.net> sent:
> On Mon, 28 Apr 2003, Derrick J Brashear wrote:
> 
> > -Multiple encryption types. For real, not just jury-rigged into rxkad.
> > ...
> > -Better krb5 integration. I'm not sure what I mean by this, exactly.
> 
> Any thought to switching over to a pure GSS implementation?  Not only use
> it for authentication (i.e. gssklog), but also for end-to-end encryption
> too.  Then the ciphers used would be a function of the underlying security
> architecture, and completely independent of AFS.
> 
> The cool thing is that you could use something like SESAME instead of
> Kerberos.  For that matter, you could even use SSL and authenticate with
> certificates.  I don't even want to think about the amount of work
> required, but would such flexibility be useful?

GSS does its own token wrapping.  The K5 gssapi layer has its own
interesting quirks.  I don't think I'd want to count on it for
ultra-high speed operation or data streaming.

Umich CITI has done a lot of work with gssapi and NFSv4, including
kernel stuff.  They use it with a modified Sun RPC, probably usually
over TCP not UDP, and certainly not RX.  Using TCP gets rid of the MTU
issue and has certainly been more optimized.  They keep mumbling about
AFS over GSSRPC, so it may just happen.  I'd wait for the
performance paper before jumping onboard - but this could well be
fascinating stuff.

CITI has also looked a bit into multiple authentication systems, again
in conjunction with NFSv4.  There are interesting naming issues doing
that, and it's not entirely clear how (or even if) you would want to
use ptserver, etc.

Certs are slow.  You probably don't want to use RSA/DSA to talk to
ptserver all the time.  Look at what it takes to make a web server do
high throughput https.

					-Marcus Watts