Well, I'll try to be more clear. Several years ago, I asked what the long-term roadmap towards having AES and Kerberos5 was. At that time, we had the rxk5 code, and I thought the rough consensus was that rxgk was the long-term solution.
Since then every time I (or anyone else) asks, the response I hear is "rxgk is a year out". I'm not seeing much negotiating going on, or if there is, it's happening behind closed doors in proprietary implementations. As far as I can tell, rxk5 meets the 'AES+Kerberos' requirements that would solve the immediate problems of say 75% of the userbase. While this may not be 'standard', it is my opinion it passes the 'rough consensus and running code' test. I'm attempting to participate in the standards development as suggested at http://www.ietf.org/tao.html by implmenting things, and ensuring the implementation is available to internet users. This is where the standards process, at least for rxgk, seems to have completely stalled. There is no working rxgk code generally available to internet users without paying for it, and while it does prove its possible, it doesn't really help develop a good standard. On Tue, Oct 30, 2012 at 11:19:07PM -0400, Matt W. Benjamin wrote: > Hi, > > I don't think that's what Troy meant. > > At any rate, he -might- have meant he presumed there would be no interest in > standardizing rxk5 unless it turned out to be something that a significant > number of real sites wanted to use. > > Matt > > ----- "Gary Buhrmaster" <gary.buhrmas...@gmail.com> wrote: > > > On Tue, Oct 30, 2012 at 1:30 PM, Troy Benjegerdes <ho...@hozed.org> > > wrote: > > .... > > > What are the missing pieces needed to deploy RxK5? > > > I am going to start with the assumption that it will not > > > pass the standards process until after there are several > > > people running it in production. > > > > Please read https://www.ietf.org/about/process-docs.html > > Standards are not "I am running it in production, bless it now", > > it is more like a long term negotiation (with a lot of work > > along the way). > > -- > Matt Benjamin > The Linux Box > 206 South Fifth Ave. Suite 150 > Ann Arbor, MI 48104 > > http://linuxbox.com > > tel. 734-761-4689 > fax. 734-769-8938 > cel. 734-216-5309 _______________________________________________ OpenAFS-devel mailing list OpenAFS-devel@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-devel
