[OpenAFS] Encryption of traffic

Jason Edgecombe jason@rampaginggeek.com
Tue, 26 Jun 2007 18:47:56 -0400

Russ Allbery wrote:
> On the contrary, this is our top development priority apart from keeping
> things generally working, and is the focus of both the rxk5 and rxgk
> work.  The difficulty is that replacing the encryption algorithm in AFS
> requires substantial protocol changes and ideally one wants to generalize
> the encryption layer and support all GSSAPI encryption types at the same
> time, as well as provide a framework for stronger authentication in
> general.
> Both rxk5 and rxgk have made substantial progress in the past year.
ok, dumb question time.

Would using ASN.1 be more of a pain than helpful? I only say this 
because I read in the O'Reilly kerberos book that Krb5 uses ASN.1 to 
"future-proof" the encryption stuff and the protocol in general. I know 
nothing about ASN.1 besides that it's use by Kerb5, SNMP, and a few others.

Jason Edgecombe