[OpenAFS] RE: [OpenAFS-devel] rxgk development has been funded
Thu, 25 Oct 2012 23:08:35 +0100
I agree, that perhaps MIT instead of funding a new implementation, could =
actually work with YFS (and pay them) to get their implementation =
integrated into OpenAFS? That way all the work done by YFS wouldn't be =
wasted, and all of us would get rxgk sooner.
> -----Original Message-----
> From: firstname.lastname@example.org [mailto:openafs-devel-
> email@example.com] On Behalf Of Matt W. Benjamin
> Sent: 25 October 2012 22:38
> To: Troy Benjegerdes
> Cc: Jeffrey Altman; firstname.lastname@example.org; openafs-
> email@example.com; Benjamin Kaduk
> Subject: Re: [OpenAFS-devel] rxgk development has been funded
> Obviously, Marcus and I thought having such a mechanism was a good
> idea. When we started work, the idea of "standardizing" the protocol
> hadn't been formalized.
> The objections early on amounted somewhat, I feel, to "the great is =
> enemy of the good." It has been claimed that rxk5 is "unreviewable."
> This is special pleading, but, someone still would have to -want- to
> use it, and to review the work. Some people legitimately objected to
> the constant rekeying that rxk5 does, and if that were to be changed,
> you'd need to factor time for that into things.
> Having said that, it seems like the best of all possible worlds from
> our current position would be if, somehow, MIT and YFSi could
> collaborate on finalizing YFSi's current draft implementation, rather
> than moving back to square 2.
> Yes, I'm a well known skeptic on the topic of "standardization"--but
> I've been an active participant in new protocol design up-front on =
> list. There's no contradiction there: I think we don't need two
> implementations, we need to agree on the design of one.
> ----- "Troy Benjegerdes" <firstname.lastname@example.org> wrote:
> > What are the roadblocks to standardizing an 'rxk5' transport that
> > supports any encryption mechanism(s) of the underlying kerberos
> > implementation, but does *not* use GSSAPI?
> > Obviously this does not provide everything a full GSSAPI
> > implementation would, but it would provide some basic functionality.
> > _______________________________________________
> > OpenAFS-devel mailing list
> > OpenAFSemail@example.com
> > https://lists.openafs.org/mailman/listinfo/openafs-devel
> Matt Benjamin
> The Linux Box
> 206 South Fifth Ave. Suite 150
> Ann Arbor, MI 48104
> tel. 734-761-4689
> fax. 734-769-8938
> cel. 734-216-5309
> OpenAFS-devel mailing list