[OpenAFS] Re: [OpenAFS-devel] rxgk development has been funded

Troy Benjegerdes hozer@hozed.org
Tue, 30 Oct 2012 15:30:37 -0500


Would a deployable implementation of RxK5 as proposed by
Marcus Watts and Matt Benjamin a few years ago meet your 
needs?

What are the missing pieces needed to deploy RxK5?
I am going to start with the assumption that it will not
pass the standards process until after there are several
people running it in production.

On Tue, Oct 30, 2012 at 08:11:44PM -0000, Robert Milkowski wrote:
> 
> It would be sufficient (krb+AES) and actually preferred.
> 
> 
> > -----Original Message-----
> > From: openafs-devel-admin@openafs.org [mailto:openafs-devel-admin@openafs.org] On Behalf Of Troy Benjegerdes
> > Sent: 25 October 2012 23:55
> > To: Robert Milkowski
> > Cc: 'Matt W. Benjamin'; 'Jeffrey Altman'; openafs-info@openafs.org;
> > openafs-devel@openafs.org; 'Benjamin Kaduk'
> > Subject: Re: [OpenAFS-devel] rxgk development has been funded
> > 
> > What are you looking to get out of rxgk?
> > 
> > Is something that uses Kerberos authentication and AES encryption
> > sufficient? Or do you need non-kerberos GSS-API mechanisms?
> > 
> > 
> > On Thu, Oct 25, 2012 at 11:08:35PM +0100, Robert Milkowski wrote:
> > >
> > > I agree, that perhaps MIT instead of funding a new implementation,
> > > could actually work with YFS (and pay them) to get their implementation
> > > integrated into OpenAFS? That way all the work done by YFS wouldn't be
> > > wasted, and all of us would get rxgk sooner.
> > >
> > > --
> > > Robert Milkowski
> > > http://milek.blogspot.com
> > >
> > >
> > > > -----Original Message-----
> > > > From: openafs-devel-admin@openafs.org [mailto:openafs-devel-admin@openafs.org] On Behalf Of Matt W. Benjamin
> > > > Sent: 25 October 2012 22:38
> > > > To: Troy Benjegerdes
> > > > Cc: Jeffrey Altman; openafs-info@openafs.org;
> > > > openafs-devel@openafs.org; Benjamin Kaduk
> > > > Subject: Re: [OpenAFS-devel] rxgk development has been funded
> > > >
> > > > Hi,
> > > >
> > > > Obviously, Marcus and I thought having such a mechanism was a good
> > > > idea.  When we started work, the idea of "standardizing" the
> > > > protocol hadn't been formalized.
> > > >
> > > > The objections early on amounted somewhat, I feel, to "the great is
> > > > the enemy of the good."  It has been claimed that rxk5 is
> > > > "unreviewable."  This is special pleading, but, someone still would
> > > > have to -want- to use it, and to review the work.  Some people
> > > > legitimately objected to the constant rekeying that rxk5 does, and
> > > > if that were to be changed, you'd need to factor time for that into
> > > > things.
> > > >
> > > > Having said that, it seems like the best of all possible worlds from
> > > > our current position would be if, somehow, MIT and YFSi could
> > > > collaborate on finalizing YFSi's current draft implementation,
> > > > rather than moving back to square 2.
> > > >
> > > > Yes, I'm a well known skeptic on the topic of "standardization"-- but
> > > > I've been an active participant in new protocol design up-front on
> > > > this list.  There's no contradiction there: I think we don't need
> > > > two implementations, we need to agree on the design of one.
> > > >
> > > > Regards,
> > > >
> > > > Matt
> > > >
> > > > ----- "Troy Benjegerdes" <hozer@hozed.org> wrote:
> > > >
> > > > >
> > > > >
> > > > > What are the roadblocks to standardizing an 'rxk5' transport that
> > > > > supports any encryption mechanism(s) of the underlying kerberos
> > > > > implementation, but does *not* use GSSAPI?
> > > > >
> > > > > Obviously this does not provide everything a full GSSAPI
> > > > > implementation would, but it would provide some basic
> > > > > functionality.
> > > > > _______________________________________________
> > > > > OpenAFS-devel mailing list
> > > > > OpenAFS-devel@openafs.org
> > > > > https://lists.openafs.org/mailman/listinfo/openafs-devel
> > > >
> > > > --
> > > > Matt Benjamin
> > > > The Linux Box
> > > > 206 South Fifth Ave. Suite 150
> > > > Ann Arbor, MI  48104
> > > >
> > > > http://linuxbox.com
> > > >
> > > > tel. 734-761-4689
> > > > fax. 734-769-8938
> > > > cel. 734-216-5309
> > >
>