[OpenAFS] AES Support ?

Jeffrey Altman jaltman@secure-endpoints.com
Thu, 27 Sep 2007 11:35:49 -0400


John Hascall wrote:
>> You will be able to turn it off as we described.  You remove the
>> afs/cell@REALM key and it will no longer be used.  However, there must
>> be a smooth transition mechanism and that means no flag days.
> 
> Correct me if I am wrong, but if there is to be a smooth transition
> then I have to wait until every single afs client worldwide who might
> access our cell has upgraded (and how would I even know this).
> 
> The day I drop my afs/cell@REALM key is the flag day.

The day you decide to make that change should not force others to make
that change as well.

Nor should clients that wish to talk to your cell and only support rxkad
be able to obtain tokens that do not work.

Jeffrey Altman