It would be sufficient (krb+AES) and actually preferred.
> -----Original Message----- > From: openafs-devel-ad...@openafs.org [mailto:openafs-devel- > ad...@openafs.org] On Behalf Of Troy Benjegerdes > Sent: 25 October 2012 23:55 > To: Robert Milkowski > Cc: 'Matt W. Benjamin'; 'Jeffrey Altman'; openafs-i...@openafs.org; > openafs-devel@openafs.org; 'Benjamin Kaduk' > Subject: Re: [OpenAFS-devel] rxgk development has been funded > > What are you looking to get out of rxgk? > > Is something that uses Kerberos authentication and AES encryption > sufficient? Or do you need non-kerberos GSS-API mechanisms? > > > On Thu, Oct 25, 2012 at 11:08:35PM +0100, Robert Milkowski wrote: > > > > I agree, that perhaps MIT instead of funding a new implementation, > could actually work with YFS (and pay them) to get their implementation > integrated into OpenAFS? That way all the work done by YFS wouldn't be > wasted, and all of us would get rxgk sooner. > > > > -- > > Robert Milkowski > > http://milek.blogspot.com > > > > > > > -----Original Message----- > > > From: openafs-devel-ad...@openafs.org [mailto:openafs-devel- > > > ad...@openafs.org] On Behalf Of Matt W. Benjamin > > > Sent: 25 October 2012 22:38 > > > To: Troy Benjegerdes > > > Cc: Jeffrey Altman; openafs-i...@openafs.org; openafs- > > > de...@openafs.org; Benjamin Kaduk > > > Subject: Re: [OpenAFS-devel] rxgk development has been funded > > > > > > Hi, > > > > > > Obviously, Marcus and I thought having such a mechanism was a good > > > idea. When we started work, the idea of "standardizing" the > > > protocol hadn't been formalized. > > > > > > The objections early on amounted somewhat, I feel, to "the great is > > > the enemy of the good." It has been claimed that rxk5 is > "unreviewable." > > > This is special pleading, but, someone still would have to -want- > to > > > use it, and to review the work. Some people legitimately objected > > > to the constant rekeying that rxk5 does, and if that were to be > > > changed, you'd need to factor time for that into things. > > > > > > Having said that, it seems like the best of all possible worlds > from > > > our current position would be if, somehow, MIT and YFSi could > > > collaborate on finalizing YFSi's current draft implementation, > > > rather than moving back to square 2. > > > > > > Yes, I'm a well known skeptic on the topic of "standardization"-- > but > > > I've been an active participant in new protocol design up-front on > > > this list. There's no contradiction there: I think we don't need > > > two implementations, we need to agree on the design of one. > > > > > > Regards, > > > > > > Matt > > > > > > ----- "Troy Benjegerdes" <ho...@hozed.org> wrote: > > > > > > > > > > > > > > > What are the roadblocks to standardizing an 'rxk5' transport that > > > > supports any encryption mechanism(s) of the underlying kerberos > > > > implementation, but does *not* use GSSAPI? > > > > > > > > Obviously this does not provide everything a full GSSAPI > > > > implementation would, but it would provide some basic > functionality. > > > > _______________________________________________ > > > > OpenAFS-devel mailing list > > > > OpenAFS-devel@openafs.org > > > > https://lists.openafs.org/mailman/listinfo/openafs-devel > > > > > > -- > > > Matt Benjamin > > > The Linux Box > > > 206 South Fifth Ave. Suite 150 > > > Ann Arbor, MI 48104 > > > > > > http://linuxbox.com > > > > > > tel. 734-761-4689 > > > fax. 734-769-8938 > > > cel. 734-216-5309 > > > _______________________________________________ > > > OpenAFS-devel mailing list > > > OpenAFS-devel@openafs.org > > > https://lists.openafs.org/mailman/listinfo/openafs-devel > > > _______________________________________________ > OpenAFS-devel mailing list > OpenAFS-devel@openafs.org > https://lists.openafs.org/mailman/listinfo/openafs-devel _______________________________________________ OpenAFS-devel mailing list OpenAFS-devel@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-devel
