[OpenAFS] Re: [OpenAFS-devel] rxgk development has been funded

Troy Benjegerdes hozer@hozed.org
Wed, 31 Oct 2012 18:51:03 -0500


Well, I'll try to be more clear.

Several years ago, I asked what the long-term roadmap towards 
having AES and Kerberos5 was. At that time, we had the rxk5 code,
and I thought the rough consensus was that rxgk was the long-term
solution.

Since then every time I (or anyone else) asks, the response I hear
is "rxgk is a year out".

I'm not seeing much negotiating going on, or if there is, it's
happening behind closed doors in proprietary implementations.

As far as I can tell, rxk5 meets the 'AES+Kerberos' requirements
that would solve the immediate problems of say 75% of the userbase.
While this may not be 'standard', it is my opinion it passes the 
'rough consensus and running code' test.


I'm attempting to participate in the standards development as
suggested at http://www.ietf.org/tao.html by implmenting things,
and ensuring the implementation is available to internet users.

This is where the standards process, at least for rxgk, seems 
to have completely stalled. There is no working rxgk code generally
available to internet users without paying for it, and while it 
does prove its possible, it doesn't really help develop a good 
standard.


On Tue, Oct 30, 2012 at 11:19:07PM -0400, Matt W. Benjamin wrote:
> Hi,
> 
> I don't think that's what Troy meant.
> 
> At any rate, he -might- have meant he presumed there would be no interest in standardizing rxk5 unless it turned out to be something that a significant number of real sites wanted to use.
> 
> Matt
> 
> ----- "Gary Buhrmaster" <gary.buhrmaster@gmail.com> wrote:
> 
> > On Tue, Oct 30, 2012 at 1:30 PM, Troy Benjegerdes <hozer@hozed.org>
> > wrote:
> > ....
> > > What are the missing pieces needed to deploy RxK5?
> > > I am going to start with the assumption that it will not
> > > pass the standards process until after there are several
> > > people running it in production.
> > 
> > Please read https://www.ietf.org/about/process-docs.html
> > Standards are not "I am running it in production, bless it now",
> > it is more like a long term negotiation (with a lot of work
> > along the way).
> 
> -- 
> Matt Benjamin
> The Linux Box
> 206 South Fifth Ave. Suite 150
> Ann Arbor, MI  48104
> 
> http://linuxbox.com
> 
> tel. 734-761-4689
> fax. 734-769-8938
> cel. 734-216-5309