[OpenAFS] RE: [OpenAFS-devel] rxgk development has been funded

Robert Milkowski rmilkowski@task.gda.pl
Thu, 25 Oct 2012 23:08:35 +0100


I agree, that perhaps MIT instead of funding a new implementation, could =
actually work with YFS (and pay them) to get their implementation =
integrated into OpenAFS? That way all the work done by YFS wouldn't be =
wasted, and all of us would get rxgk sooner.

--=20
Robert Milkowski
http://milek.blogspot.com


> -----Original Message-----
> From: openafs-devel-admin@openafs.org [mailto:openafs-devel-
> admin@openafs.org] On Behalf Of Matt W. Benjamin
> Sent: 25 October 2012 22:38
> To: Troy Benjegerdes
> Cc: Jeffrey Altman; openafs-info@openafs.org; openafs-
> devel@openafs.org; Benjamin Kaduk
> Subject: Re: [OpenAFS-devel] rxgk development has been funded
>=20
> Hi,
>=20
> Obviously, Marcus and I thought having such a mechanism was a good
> idea.  When we started work, the idea of "standardizing" the protocol
> hadn't been formalized.
>=20
> The objections early on amounted somewhat, I feel, to "the great is =
the
> enemy of the good."  It has been claimed that rxk5 is "unreviewable."
> This is special pleading, but, someone still would have to -want- to
> use it, and to review the work.  Some people legitimately objected to
> the constant rekeying that rxk5 does, and if that were to be changed,
> you'd need to factor time for that into things.
>=20
> Having said that, it seems like the best of all possible worlds from
> our current position would be if, somehow, MIT and YFSi could
> collaborate on finalizing YFSi's current draft implementation, rather
> than moving back to square 2.
>=20
> Yes, I'm a well known skeptic on the topic of "standardization"--but
> I've been an active participant in new protocol design up-front on =
this
> list.  There's no contradiction there: I think we don't need two
> implementations, we need to agree on the design of one.
>=20
> Regards,
>=20
> Matt
>=20
> ----- "Troy Benjegerdes" <hozer@hozed.org> wrote:
>=20
> >
> >
> > What are the roadblocks to standardizing an 'rxk5' transport that
> > supports any encryption mechanism(s) of the underlying kerberos
> > implementation, but does *not* use GSSAPI?
> >
> > Obviously this does not provide everything a full GSSAPI
> > implementation would, but it would provide some basic functionality.
> > _______________________________________________
> > OpenAFS-devel mailing list
> > OpenAFS-devel@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-devel
>=20
> --
> Matt Benjamin
> The Linux Box
> 206 South Fifth Ave. Suite 150
> Ann Arbor, MI  48104
>=20
> http://linuxbox.com
>=20
> tel. 734-761-4689
> fax. 734-769-8938
> cel. 734-216-5309
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel