[OpenAFS] Open AFS, SSL and wireless security.
Derek Atkins
warlord@MIT.EDU
01 Jul 2003 10:13:37 -0400
Please continue to copy the openafs lists so others can answer or
see responses....
"Tim O'Callaghan" <tim.ocallaghan@limestudios.com> writes:
> On 30 Jun 2003 13:18:16 -0400, Derek Atkins <warlord@MIT.EDU> wrote:
>
> > It does not use SSL. It can encrypt the traffic IFF you turn on
> > encryption (it is not turned on by default).
> >
> > -derek
> >
>
> not knowing anything about kerberos, would this be vunerable if a
> wireless AFS transaction was overheard? i mean that as it does require
> authentication for each transaction, i assume, the initial kerberos
> portion is not part of the encrypted transaction....
Well, it depends very much on your threat model. First, encryption is
only used when you have a token (e.g. files with a system:anyuser ACL
accessed from an un-authenticated context are not protected). Second,
the encryption used is NOT perfect, but it's certainly better than
sending along clear-text.
So, I cannot answer your "would this be vulnerable" question without
knowing your views of your threat model, answering "vulnerable to what
attacks?"
> Tim.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available