>If al...@school.edu knows b...@commercial.com, and they have lunch and exchange >business cards, and both of them trust the administrators of school.edu and >commercial.com, why in the world do the admins of school.edu and commercial.com >even have to get involved for Alice and Bob to (securely) share files with >OpenAFS?
Unfortunately ... that's the whole "trusted third party" part of Kerberos; that's one of Kerberos's greatest strengths, but also one of it's biggest weaknesses. There was a protocol designed to make that easier (PKCROSS), but it never really got implemented (or even finished). >We have DNSSEC that can cryptographically authenticate both domains, what >needs to happen to have AFS allow adminstoratorless peer-to-peer file sharing? I think you're over-estimating DNSSEC deployment, but that only solves one direction (you can verify you're talking to the "correct" domain). It doesn't solve the other (harder) direction. As I see it, the basic problem is that AFS delegated it's authentication to Kerberos, and Kerberos is designed to solve security at the enterprise level. I'm not saying that the isn't a problem that's worth solving, but I can think of plenty of other problems that are of higher importance. --Ken _______________________________________________ OpenAFS-devel mailing list OpenAFS-devel@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-devel
