On 24 Feb 2011, at 23:54, Tom Keiser wrote: > What do people think of such a proposal?
My preference would be to require that new security layers include a place in which application specific data may be inserted to encode endpoint information. We'd then define both a "clear" security class that purely carries application specific data, and what that data should look like for the AFS-3 protocol. rxgk already contains space to carry this kind of data as part of the connection negotiation. I had thought that our discussion in Edinburgh had concluded that the correct place for encoding endpoint information was during security layer establishment. However, rxrpc-sec-clear seems to be proposing that the information is carried as part of the security header on every packet. This is a significant overhead, especially given the limited size of rx/udp packets, and the existing security overhead on these. It's unclear to me what benefits attaching this header to every packet provides, in contrast to the significant performance impact it will cause on bulk transfers. Cheers, Simon. _______________________________________________ AFS3-standardization mailing list [email protected] http://lists.openafs.org/mailman/listinfo/afs3-standardization
