[OpenAFS] RE: [OpenAFS-devel] rxgk development has been funded
Robert Milkowski
rmilkowski@task.gda.pl
Tue, 30 Oct 2012 20:11:44 -0000
It would be sufficient (krb+AES) and actually preferred.
> -----Original Message-----
> From: openafs-devel-admin@openafs.org [mailto:openafs-devel-
> admin@openafs.org] On Behalf Of Troy Benjegerdes
> Sent: 25 October 2012 23:55
> To: Robert Milkowski
> Cc: 'Matt W. Benjamin'; 'Jeffrey Altman'; openafs-info@openafs.org;
> openafs-devel@openafs.org; 'Benjamin Kaduk'
> Subject: Re: [OpenAFS-devel] rxgk development has been funded
>
> What are you looking to get out of rxgk?
>
> Is something that uses Kerberos authentication and AES encryption
> sufficient? Or do you need non-kerberos GSS-API mechanisms?
>
>
> On Thu, Oct 25, 2012 at 11:08:35PM +0100, Robert Milkowski wrote:
> >
> > I agree, that perhaps MIT instead of funding a new implementation,
> could actually work with YFS (and pay them) to get their implementation
> integrated into OpenAFS? That way all the work done by YFS wouldn't be
> wasted, and all of us would get rxgk sooner.
> >
> > --
> > Robert Milkowski
> > http://milek.blogspot.com
> >
> >
> > > -----Original Message-----
> > > From: openafs-devel-admin@openafs.org [mailto:openafs-devel-
> > > admin@openafs.org] On Behalf Of Matt W. Benjamin
> > > Sent: 25 October 2012 22:38
> > > To: Troy Benjegerdes
> > > Cc: Jeffrey Altman; openafs-info@openafs.org; openafs-
> > > devel@openafs.org; Benjamin Kaduk
> > > Subject: Re: [OpenAFS-devel] rxgk development has been funded
> > >
> > > Hi,
> > >
> > > Obviously, Marcus and I thought having such a mechanism was a good
> > > idea. When we started work, the idea of "standardizing" the
> > > protocol hadn't been formalized.
> > >
> > > The objections early on amounted somewhat, I feel, to "the great is
> > > the enemy of the good." It has been claimed that rxk5 is
> "unreviewable."
> > > This is special pleading, but, someone still would have to -want-
> to
> > > use it, and to review the work. Some people legitimately objected
> > > to the constant rekeying that rxk5 does, and if that were to be
> > > changed, you'd need to factor time for that into things.
> > >
> > > Having said that, it seems like the best of all possible worlds
> from
> > > our current position would be if, somehow, MIT and YFSi could
> > > collaborate on finalizing YFSi's current draft implementation,
> > > rather than moving back to square 2.
> > >
> > > Yes, I'm a well known skeptic on the topic of "standardization"--
> but
> > > I've been an active participant in new protocol design up-front on
> > > this list. There's no contradiction there: I think we don't need
> > > two implementations, we need to agree on the design of one.
> > >
> > > Regards,
> > >
> > > Matt
> > >
> > > ----- "Troy Benjegerdes" <hozer@hozed.org> wrote:
> > >
> > > >
> > > >
> > > > What are the roadblocks to standardizing an 'rxk5' transport that
> > > > supports any encryption mechanism(s) of the underlying kerberos
> > > > implementation, but does *not* use GSSAPI?
> > > >
> > > > Obviously this does not provide everything a full GSSAPI
> > > > implementation would, but it would provide some basic
> functionality.
> > > > _______________________________________________
> > > > OpenAFS-devel mailing list
> > > > OpenAFS-devel@openafs.org
> > > > https://lists.openafs.org/mailman/listinfo/openafs-devel
> > >
> > > --
> > > Matt Benjamin
> > > The Linux Box
> > > 206 South Fifth Ave. Suite 150
> > > Ann Arbor, MI 48104
> > >
> > > http://linuxbox.com
> > >
> > > tel. 734-761-4689
> > > fax. 734-769-8938
> > > cel. 734-216-5309
> > > _______________________________________________
> > > OpenAFS-devel mailing list
> > > OpenAFS-devel@openafs.org
> > > https://lists.openafs.org/mailman/listinfo/openafs-devel
> >
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel