[OpenAFS] AES Support ?

Marcus Watts mdw@spam.ifs.umich.edu
Thu, 27 Sep 2007 01:42:04 -0400


John Hascall <john@iastate.edu> sent:
...
>     Example:
> 
>            [unsecured]
>         -------- challenge/strong ----->
>         <------- error/unsupported -----
>         -------- challenge/weaker ----->
>         <------- response/weaker -------
>            [now secured with weaker]
>         -------- supported-types? ----->
>         <------- stronger,weaker -------
>    "I've been had!"

Ok, this picture confuses me a bit.  Actually, it confuses me a lot.
In rx, the first packet sent is a data packet from the client
to the server.  All the securityindex/encryption type issues
have to be resolved before then.  The challenge comes
back from the server, and there is no "retry until right"
logic on either side.  There isn't any room here for the server
& client to negotiate supported protocols, encryption types, or anything.

rxk5 is simple - it doesn't provide what rx doesn't facilitate.

rxgk is fancier - it will support some of this,
using extra sets of rx calls, servers, etc.
It has also already taken longer to implement.

					-Marcus Watts
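
The exchange in the quoted picture, modelled as an added example (not part of the original message, and not rx, rxk5 or rxgk code): a client tries enctypes strongest first, then asks for the supported list over the secured channel to detect that a forged "unsupported" reply forced the weaker choice. The class and function names and the enctype labels `stronger`/`weaker` are assumptions taken from the diagram.

```python
# Constructed model of the quoted diagram; hypothetical names throughout.
STRENGTH = {"weaker": 1, "stronger": 2}  # assumed ordering of the two labels


class Server:
    def __init__(self, supported):
        self.supported = set(supported)

    def challenge(self, enctype):
        # Unsecured leg: accept the enctype or report it unsupported.
        if enctype in self.supported:
            return ("response", enctype)
        return ("error", "unsupported")

    def supported_types(self):
        # Secured leg: the honest list, strongest first.
        return sorted(self.supported, key=STRENGTH.get, reverse=True)


class Downgrader:
    """On-path party that can forge replies only on the unsecured leg."""

    def __init__(self, server):
        self.server = server

    def challenge(self, enctype):
        if enctype == "stronger":
            return ("error", "unsupported")  # forged error/unsupported
        return self.server.challenge(enctype)

    def supported_types(self):
        # Assumed: the secured leg is integrity-protected, so it passes intact.
        return self.server.supported_types()


def negotiate(peer, preference=("stronger", "weaker")):
    """Return (chosen_enctype, downgraded) after the post-hoc audit."""
    for enctype in preference:
        kind, value = peer.challenge(enctype)
        if kind == "response":
            chosen = value
            break
    else:
        raise ConnectionError("no common enctype")
    # Audit: compare what we got with the best type the peer says it supports.
    offered = peer.supported_types()
    best = max((e for e in offered if e in preference), key=STRENGTH.get)
    return chosen, STRENGTH[best] > STRENGTH[chosen]
```

Detection arrives only after the weaker channel is already in use, and the audit is only as trustworthy as that weaker channel's integrity.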