[OpenAFS] Re: [OpenAFS-devel] rxgk development has been funded

Matt W. Benjamin matt@linuxbox.com
Thu, 25 Oct 2012 17:37:40 -0400 (EDT)


Hi,

Obviously, Marcus and I thought having such a mechanism was a good idea.  When we started work, the idea of "standardizing" the protocol hadn't been formalized.

The objections early on amounted somewhat, I feel, to "the great is the enemy of the good."  It has been claimed that rxk5 is "unreviewable."  This is special pleading, but, someone still would have to -want- to use it, and to review the work.  Some people legitimately objected to the constant rekeying that rxk5 does, and if that were to be changed, you'd need to factor time for that into things.

Having said that, it seems like the best of all possible worlds from our current position would be if, somehow, MIT and YFSi could collaborate on finalizing YFSi's current draft implementation, rather than moving back to square 2.

Yes, I'm a well known skeptic on the topic of "standardization"--but I've been an active participant in new protocol design up-front on this list.  There's no contradiction there: I think we don't need two implementations, we need to agree on the design of one.

Regards,

Matt

----- "Troy Benjegerdes" <hozer@hozed.org> wrote:

> 
> 
> What are the roadblocks to standardizing an 'rxk5' transport that
> supports
> any encryption mechanism(s) of the underlying kerberos implementation,
> but
> does *not* use GSSAPI?
> 
> Obviously this does not provide everything a full GSSAPI
> implementation 
> would, but it would provide some basic functionality.
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel

-- 
Matt Benjamin
The Linux Box
206 South Fifth Ave. Suite 150
Ann Arbor, MI  48104

http://linuxbox.com

tel. 734-761-4689
fax. 734-769-8938
cel. 734-216-5309