> > > We aren't going to break existing deployments of AFS. > > So all future releases of OpenAFS forever will support rxkad > > and K4/DES-based tokens? And there will be no way for a cell > > to turn that off? Really?
> You have the source. You can always patch it. So that's obviously false. Well, that's a tautology isn't it. You can always say "we aren't going to break it, you can always patch it yourself". > But there's literally no one with AFS deployed now whose clients are ready > for this transition. Today isn't the point. Presumably, someday people *will* start to transition. And, barring a worldwide flag-day, cells *will* make the transition at different times. Somebody *will* be the first one to delete their "afs" principal. Previously in this discussion it was said you need to upgrade all your servers before you start upgrading your clients. So if, (on that day that some other cell deletes "afs"), you haven't progressed far enough in your transition to where you can upgrade your clients, it sounds to me like you are in trouble. And, you have the ever-increasing weakness of DES keys which I presume will be pushing some cells to try to complete the transition as fast as possible. This, to me, seems to be the sort of thing people need to be aware of for planning purposes. John _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
