[OpenAFS] Selecting a configuration file format for OpenAFS Services

Derrick Brashear shadow@gmail.com
Sun, 17 May 2009 12:36:44 -0400


On Sun, May 17, 2009 at 12:17 PM, David Boyes <dboyes@sinenomine.net> wrote:
>
> On 5/16/09 8:57 PM, "Derrick Brashear" <shadow@gmail.com> wrote:
>
>> spoofable, or do you think we *never* need to configure encryption?
>
> No. If the network is compromised to that degree, then local files are also
> unsafe.
>
> I don't think I specified how it should be implemented other than at a high
> level. I would expect that the implementor wasn't a compleat idiot, but that
> may be overly optimistic.

well, if you send the file over the network, i'd want to encrypt it.
the chicken and egg problem is the obvious one, and matters from the
standpoint of if, say, a kerberos principal used to encrypt
configuration transfers can itself be configured in the file you're
transferring.

in truth, if i were going to write a configuration service (which
isn't a bad idea at all) i'd want it to not pass the file anyway; i'd
pass options and let the other end add them to its config; if a client
of this service wished to subscribe exclusively to the advertised
options, fine; otherwise, it would have the option of accepting only
changes.



-- 
Derrick
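
A sketch of the option-passing design described in the message above, added here as an illustration and not code from the post or from OpenAFS. The option names, the two mode names, the reading of "accepting only changes" as "keep local options and apply advertised deltas", and the rule that pushed options may not touch the settings securing the transfer (the chicken-and-egg case) are all assumptions.

```python
# Added illustration; every name here is hypothetical, not OpenAFS code.
from dataclasses import dataclass, field

# Options that secure the configuration channel itself (assumed names).
# A pushed update must never alter them, otherwise the transfer could
# reconfigure the principal that protects the transfer.
BOOTSTRAP_KEYS = frozenset({"config.principal", "config.encrypt"})

EXCLUSIVE = "exclusive"  # mirror the advertised option set exactly
CHANGES = "changes"      # keep local options, apply advertised deltas only


@dataclass
class Receiver:
    mode: str
    options: dict = field(default_factory=dict)
    rejected: list = field(default_factory=list)

    def apply(self, advertised: dict) -> dict:
        """Merge advertised options; return {key: new value or None if dropped}."""
        changed = {}
        for key, value in advertised.items():
            if key in BOOTSTRAP_KEYS:
                self.rejected.append(key)  # record it for audit, never apply
                continue
            if self.options.get(key) != value:
                self.options[key] = value
                changed[key] = value
        if self.mode == EXCLUSIVE:
            # Drop local options the service no longer advertises.
            for key in set(self.options) - set(advertised) - BOOTSTRAP_KEYS:
                del self.options[key]
                changed[key] = None
        return changed


def demo() -> dict:
    # Constructed sample data: local state and one pushed option set.
    local = {"config.principal": "afs-config/host.example.org",
             "config.encrypt": "yes", "cache.size": "50000", "local.debug": "1"}
    pushed = {"cache.size": "100000", "server.threads": "16",
              "config.encrypt": "no"}
    out = {}
    for mode in (EXCLUSIVE, CHANGES):
        r = Receiver(mode, dict(local))
        out[mode] = (r.apply(pushed), r.options, r.rejected)
    return out
```

In both modes the pushed `config.encrypt` value is recorded in `rejected` and the local setting is left alone; only the exclusive subscriber drops `local.debug`.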