[OpenAFS] Re: [OpenAFS-devel] rxgk development has been funded
Troy Benjegerdes
hozer@hozed.org
Thu, 25 Oct 2012 17:54:58 -0500
What are you looking to get out of rxgk?
Is something that uses Kerberos authentication and AES
encryption sufficient? Or do you need non-kerberos GSS-API
mechanisms?
On Thu, Oct 25, 2012 at 11:08:35PM +0100, Robert Milkowski wrote:
>
> I agree, that perhaps MIT instead of funding a new implementation, could actually work with YFS (and pay them) to get their implementation integrated into OpenAFS? That way all the work done by YFS wouldn't be wasted, and all of us would get rxgk sooner.
>
> --
> Robert Milkowski
> http://milek.blogspot.com
>
>
> > -----Original Message-----
> > From: openafs-devel-admin@openafs.org [mailto:openafs-devel-
> > admin@openafs.org] On Behalf Of Matt W. Benjamin
> > Sent: 25 October 2012 22:38
> > To: Troy Benjegerdes
> > Cc: Jeffrey Altman; openafs-info@openafs.org; openafs-
> > devel@openafs.org; Benjamin Kaduk
> > Subject: Re: [OpenAFS-devel] rxgk development has been funded
> >
> > Hi,
> >
> > Obviously, Marcus and I thought having such a mechanism was a good
> > idea. When we started work, the idea of "standardizing" the protocol
> > hadn't been formalized.
> >
> > The objections early on amounted somewhat, I feel, to "the great is the
> > enemy of the good." It has been claimed that rxk5 is "unreviewable."
> > This is special pleading, but, someone still would have to -want- to
> > use it, and to review the work. Some people legitimately objected to
> > the constant rekeying that rxk5 does, and if that were to be changed,
> > you'd need to factor time for that into things.
> >
> > Having said that, it seems like the best of all possible worlds from
> > our current position would be if, somehow, MIT and YFSi could
> > collaborate on finalizing YFSi's current draft implementation, rather
> > than moving back to square 2.
> >
> > Yes, I'm a well known skeptic on the topic of "standardization"--but
> > I've been an active participant in new protocol design up-front on this
> > list. There's no contradiction there: I think we don't need two
> > implementations, we need to agree on the design of one.
> >
> > Regards,
> >
> > Matt
> >
> > ----- "Troy Benjegerdes" <hozer@hozed.org> wrote:
> >
> > >
> > >
> > > What are the roadblocks to standardizing an 'rxk5' transport that
> > > supports any encryption mechanism(s) of the underlying kerberos
> > > implementation, but does *not* use GSSAPI?
> > >
> > > Obviously this does not provide everything a full GSSAPI
> > > implementation would, but it would provide some basic functionality.
> > > _______________________________________________
> > > OpenAFS-devel mailing list
> > > OpenAFS-devel@openafs.org
> > > https://lists.openafs.org/mailman/listinfo/openafs-devel
> >
> > --
> > Matt Benjamin
> > The Linux Box
> > 206 South Fifth Ave. Suite 150
> > Ann Arbor, MI 48104
> >
> > http://linuxbox.com
> >
> > tel. 734-761-4689
> > fax. 734-769-8938
> > cel. 734-216-5309
> > _______________________________________________
> > OpenAFS-devel mailing list
> > OpenAFS-devel@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-devel
>