[OpenAFS] Open AFS, SSL and wireless security.

Derek Atkins warlord@MIT.EDU
01 Jul 2003 10:13:37 -0400


Please continue to copy the openafs lists so others can answer or
see responses....

"Tim O'Callaghan" <tim.ocallaghan@limestudios.com> writes:

> On 30 Jun 2003 13:18:16 -0400, Derek Atkins <warlord@MIT.EDU> wrote:
> 
> > It does not use SSL.  It can encrypt the traffic IFF you turn on
> > encryption (it is not turned on by default).
> >
> > -derek
> >
> 
> Not knowing anything about Kerberos, would this be vulnerable if a
> wireless AFS transaction was overheard? I mean that as it does require
> authentication for each transaction, I assume, the initial Kerberos
> portion is not part of the encrypted transaction....

Well, it depends very much on your threat model.  First, encryption is
only used when you have a token (e.g. files with a system:anyuser ACL
accessed from an un-authenticated context are not protected).  Second,
the encryption used is NOT perfect, but it's certainly better than
sending along clear-text.

So, I cannot answer your "would this be vulnerable" question without
knowing your views of your threat model, answering "vulnerable to what
attacks?"

> Tim.

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available