Adam Megacz wrote: I don't think anybody is suggesting reliance on public-key *infrastructure*.
All I mean by "infrastructure" is that the client needs some way of knowing that the public key the server hands it is correct. There are several possibilities: 1. The Verisign way, with CRLs, CAs, etc. Ugh. I don't think anyone wants this. 2. Server key is provided along with the client software, possibly as part of CellServDB (the Marcus way). 3. Server key is provided by secure dns (pigs will fly first I predict) 4. The ssh way: client remembers the key, complains if it changes In particular, I would object to having the server simply provide the key to the client at startup time with no further checks. I'm also not happy about making afs depend on openssl, but it looks like I'm in a minority here so if the rest of you are happy with this I will withdraw my objection. _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
