On Fri, 2 Nov 2012 18:15:40 -0400 (EDT) Benjamin Kaduk <[email protected]> wrote:
> Good point.  I've got in my local copy:
>
>          SHOULD only offer the CombineTokens operation to clients connecting
> -        over an rxgk secured connection.</t>
> +        over an rxgk secured connection, with an RXGK_Level of RXGK_LEVEL_AUTH
> +        or higher.</t>
>
> I'm wavering on higher vs. better (or something else).

While I don't find this terribly important, we might just want to say to
accept anything except CLEAR for now, and specify why (avoid DoS via a
hijacked connection, though interception of data is fine).

I would have thought that a BIND connection could possibly allow
hijacking while still providing other security requirements (like
CLEAR). That would mean a BIND connection may or may not be allowable
here, depending on the underlying layer, which is why the reason for the
level requirement should perhaps be mentioned.

-- 
Andrew Deason
[email protected]

_______________________________________________
AFS3-standardization mailing list
[email protected]
http://lists.openafs.org/mailman/listinfo/afs3-standardization
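Review bot: the "or higher" in the added line assumes RXGK_Level values are linearly ordered by strength, but the hunk does not say which levels qualify, and the thread itself notes that a BIND level may or may not be acceptable depending on the underlying layer. Suggest either naming the accepted levels explicitly (for example "any level other than CLEAR") or stating the property the requirement protects, namely that a hijacked connection must not be able to invoke CombineTokens, so an implementer can judge any level not listed.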
