On Sun, May 17, 2009 at 12:17 PM, David Boyes <[email protected]> wrote: > > On 5/16/09 8:57 PM, "Derrick Brashear" <[email protected]> wrote: > >> spoofable, or do you think we *never* need to configure encryption? > > No. If the network is compromised to that degree, then local files are also > unsafe. > > I don't think I specified how it should be implemented other than at a high > level. I would expect that the implementor wasn't a compleat idiot, but that > may be overly optimistic.
well, if you send the file over the network, i'd want to encrypt it. the chicken and egg problem is the obvious one, and matters from the standpoint of if, say, a kerberos principal used to encrypt configuration transfers can itself be configured in the file you're transferring. in truth, if i were going to write a configuration service (which isn't a bad idea at all) i'd want it to not pass the file anyway; i'd pass options and let the other end add them to its config; if a client of this service wished to subscribe exclusively to the advertised options, fine; otherwise, it would have the option of accepting only changes. -- Derrick _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
