Sean O'Malley wrote:
> On Fri, 23 Mar 2007, Adam Megacz wrote:
>> This sounds really nice. One concern, though: how is the user alerted
>> to this fact, and how does the user indicate "yes, it's okay to accept
>> a new server key" without root access on the client?
>
> I echo this concern. Especially for users of portables. You can
> have multiple IP #'s over a couple of different interfaces during the
> course of a normal day.

Do you have AFS Servers running on the portables? In this solution it is the server that is given a key, not the clients. If the clients have a key, then they can just use Kerberos.

> I would also like to see this design being able to be expanded to
> cover detached from the network computing. If you are going to use a key,
> then you could encrypt cachespace and a token or ticket or something and
> possibly reuse a bunch of code.

If you are using Windows, you can encrypt your cache today. Just mark the page file directory as encrypted. The SYSTEM account key will be used to encrypt the file.

Jeffrey Altman
