Jason Edgecombe <[EMAIL PROTECTED]> writes: > ok, dumb question time.
> Would using ASN.1 be more of a pain than helpful? I only say this > because I read in the O'Reilly kerberos book that Krb5 uses ASN.1 to > "future-proof" the encryption stuff and the protocol in general. I know > nothing about ASN.1 besides that it's use by Kerb5, SNMP, and a few > others. ASN.1 is an encoding mechanism for putting arbitrary data on the network and decoding it at the remote system. It's complex and hairy in places and is one of the more complicated parts of the protocols that use it. The difficulties with changing the AFS protocol aren't really related to AFS's data encoding format, but are more fundamentally because AFS's original design didn't anticipate the need for pluggable authentication and encryption methods and didn't include support for modern security technology (like GSSAPI) that didn't exist when the AFS protocol was designed. Marcus can comment on how ASN.1 plugs in to the rxk5 world. rxgk, as I understand it, uses GSSAPI, and therefore will be able to support any GSSAPI mechanism going forward (including non-Kerberos ones) as well as support any Kerberos enctype that is standardized for use with GSSAPI. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
