Adam Megacz wrote:
> The advent of public-key email security resulted in a network effect:
> it took very little effort to get access to a very large pool of
> people with whom you could communicate securely. This offset the cost
> of having to maintain a ~/.pgp and a lot more people wound up with
> access to email encryption.
>
> I guess in this sense I should have said "would immensely accelerate
> adoption" rather than "[lack of] is inhibiting adoption".

The number of people using e-mail encryption is such a small percentage of the e-mailing population that it is barely worth mentioning. The PGP model has not resulted in its inclusion as a default feature in the most common e-mail clients.

Getting back to OpenAFS. If you want to use PGP with OpenAFS there really is nothing stopping you from doing so today. All you have to do is implement a daemon that provides a function similar to gssklogd but instead of using GSS-API with X.509 certificates you would use a protocol that utilizes PGP to perform your authentication. The daemon would then generate a token and return it to the client so that it could be stored in the process authentication group.

OpenAFS is not an authentication system. The AFS protection service is simply a database of name to ID mappings. The IDs are stored on the ACLs. How you choose to allocate AFS IDs is up to the cell administrator. The authentication service you choose to use is completely independent of the OpenAFS protection service and its ID allocation.

Jeffrey Altman
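
The separation described in the message above, as an added Python sketch that is not part of the original message and is not OpenAFS or gssklogd code: a token daemon with a pluggable authenticator, a name-to-ID table, and a file server that checks an ACL by ID only. Every name, key and table entry is constructed for illustration, the token layout is a toy and not the real AFS token format, and an HMAC check stands in for PGP signature verification.

```python
import hashlib
import hmac
import time

CELL_KEY = b"constructed-cell-key"   # constructed; known to token daemon and file server
PTS = {"adam": 1001, "jeff": 1002}   # protection database: name -> AFS ID, nothing else
ACL = {1001: "rl", 1002: "rlidwka"}  # ACL on one directory, keyed by ID, not by name

def verify_pgp_standin(name, challenge, proof, keys):
    """Stand-in for PGP signature verification (HMAC with a per-user key)."""
    key = keys.get(name)
    if key is None:
        return None
    good = hmac.new(key, challenge, hashlib.sha256).digest()
    return name if hmac.compare_digest(good, proof) else None

def issue_token(authenticate, *args, lifetime=3600, now=None):
    """Token daemon: run whichever authenticator is plugged in, then map name -> ID."""
    name = authenticate(*args)
    if name is None or name not in PTS:
        return None
    expires = int((time.time() if now is None else now) + lifetime)
    body = f"{PTS[name]}:{expires}"
    mac = hmac.new(CELL_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}:{mac}"

def check_access(token, right, now=None):
    """File server: sees only the token, never how the user authenticated."""
    try:
        id_text, exp_text, mac = token.split(":")
        afs_id, expires = int(id_text), int(exp_text)
    except (AttributeError, ValueError):
        return False  # missing or malformed token
    body = f"{id_text}:{exp_text}".encode()
    good = hmac.new(CELL_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good.encode(), mac.encode()):
        return False  # ID or expiry was altered after issuance
    if (time.time() if now is None else now) >= expires:
        return False  # token lifetime is over
    return right in ACL.get(afs_id, "")
```

Replacing `verify_pgp_standin` with any other callable that returns a verified name changes nothing in `PTS`, `ACL` or `check_access`.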
