I know that this would be an "rx" change, but doing something like an
anonymous DH exchange with servers the first time you talk to them
would allow you to create a connection that would be resistant to
this sort of hijacking.
(yes, you'd still be open to a true man-in-the-middle attack; but
that man would have to be there at the beginning of the session.)
On Mar 23, 2007, at 09:36, Jim Rees wrote:
Before looking at solutions I think it would be a good idea to look
at the
requirements. Here are the ones I can think of:
1. Client must have a secure connection to the server even for what
are now
unathenticated connections
2. Client must be able to authenticate the server
3. It would be nice if this could be done with Kerberos rather than
making
afs depend on something else, like openssl and a public key
infrastructure
4. No special configuration required on the client
I think we agree on 1, I'm not sure about 2 but I think it's
obviously a
good idea, and we disagree on 3. We agree on 4 but you give it a
higher
priority than I do. I'd like to hear other peoples' opinions.
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
