[OpenAFS] AES Support ?
Derrick Brashear
shadow@gmail.com
Thu, 27 Sep 2007 14:24:01 -0400
------=_Part_1665_25568824.1190917441653
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
On 9/27/07, John Hascall <john@iastate.edu> wrote:
>
>
> > > > We aren't going to break existing deployments of AFS.
>
> > > So all future releases of OpenAFS forever will support rxkad
> > > and K4/DES-based tokens? And there will be no way for a cell
> > > to turn that off? Really?
>
> > You have the source. You can always patch it. So that's obviously false.
>
> Well, that's a tautology isn't it. You can always say "we aren't going
> to break it, you can always patch it yourself".
We aren't going to break it is not you aren't going to break it.
I can't stop you from shooting yourself in the foot, but I'm not interested
in helping. I've made that point in those words before.
You have a point, but I don't think it's the point you've been presenting.
> But there's literally no one with AFS deployed now whose clients are ready
> > for this transition.
>
> Today isn't the point. Presumably, someday people *will* start to
> transition. And, barring a worldwide flag-day, cells *will* make
> the transition at different times. Somebody *will* be the first
> one to delete their "afs" principal.
Yup. And then old clients get unauth access only.
Previously in this discussion it was said you need to upgrade all
> your servers before you start upgrading your clients. So if, (on
> that day that some other cell deletes "afs"), you haven't progressed
> far enough in your transition to where you can upgrade your clients,
> it sounds to me like you are in trouble.
Only if you want authenticated access.
------=_Part_1665_25568824.1190917441653
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
<br><br><div><span class="gmail_quote">On 9/27/07, <b class="gmail_sendername">John Hascall</b> <<a href="mailto:john@iastate.edu">john@iastate.edu</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>> > > We aren't going to break existing deployments of AFS.<br><br>> > So all future releases of OpenAFS forever will support rxkad<br>> > and K4/DES-based tokens? And there will be no way for a cell
<br>> > to turn that off? Really?<br><br>> You have the source. You can always patch it. So that's obviously false.<br><br> Well, that's a tautology isn't it. You can always say "we aren't going
<br> to break it, you can always patch it yourself".</blockquote><div><br>We aren't going to break it is not you aren't going to break it. <br><br>I can't stop you from shooting yourself in the foot, but I'm not interested in helping. I've made that point in those words before.
<br><br>You have a point, but I don't think it's the point you've been presenting.<br> </div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
> But there's literally no one with AFS deployed now whose clients are ready<br>> for this transition.<br><br> Today isn't the point. Presumably, someday people *will* start to<br> transition. And, barring a worldwide flag-day, cells *will* make
<br> the transition at different times. Somebody *will* be the first<br> one to delete their "afs" principal.</blockquote><div><br>Yup. And then old clients get unauth access only.<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Previously in this discussion it was said you need to upgrade all<br> your servers before you start upgrading your clients. So if, (on<br> that day that some other cell deletes "afs"), you haven't progressed
<br> far enough in your transition to where you can upgrade your clients,<br> it sounds to me like you are in trouble.</blockquote><div><br>Only if you want authenticated access. <br></div><br></div><br>
------=_Part_1665_25568824.1190917441653--