Does there necessarily have to be a transparent rekeying operation? Why
not just have the application layer return VICETOKENDEAD or some such and
have the client create a new connection (the cm already has code for
this...)
When the other end receives packets with a later version
number, it should start sending using a key with that version number,
too.
Since my earlier suggestion will undoubtedly lose out....
This should only happen if packets bearing new key version numbers are
successfully validated. an attacker should not be able to change which key
one side is using... Also, the size of the key version number space and
what happens when all available key versions are exhausted should be
documented.
_______________________________________________
AFS3-standardization mailing list
[email protected]
http://michigan-openafs-lists.central.org/mailman/listinfo/afs3-standardization
