Bill Sommerfeld wrote: > On Wed, 2007-08-22 at 13:42 -0700, Alan Wright wrote: > > > The case timer was extended to 8/29/2007 during today's meeting due to > > > outstanding unanswered questions. > > > > > > Specifically, the questions I asked on 8/15 have not yet been answered, > > > and Gary's discussion hadn't converged. > > > > I think the disucssion with Gary has converged. > > Gary said otherwise during the meeting today.
Perhaps he hasn't seen my latest email or maybe he is just waiting for the updated docs. AFAIA, I've aligned the project per Gary's RBAC suggestions and he agreed with the audit statement I made earlier this week. > > I'm sure Gary > > will correct me if I've misinterpreted but we seem to be > > aligned on both the auditing and RBAC requirements. Updated > > NDMP documents should be out either today or tomorrow. > > > > The general opinion seemsed to be that adding two-way encryption > > to the read-protected password property wasn't worthwhile for this > > case. I thought this issue was closed. > > No, it's not closed. See my message dated 15 Aug 2007 10:51:39 -0400; > the current password-in-files policy says that if you're storing a > password you need at the very least some sort of reversible obfuscation > to protect against shoulder-surfing-the-admin attacks. I think there were a couple of responses from other people that suggested that was unnecessary and I didn't see a response from you, which is why I thought that was closed. I'll need to get some direction on this and get back to you. > > having > > separate, per algorithm keys in this case may give the perception > > of added security but, in order to allow clients to negotiate > > either option, the keys would have to be set to the same value. > > Well, that's not immediately clear to me, but before we go back down > this path, can you answer the question I asked in my message dated > Wed, 15 Aug 2007 15:54:57 -0400 > > It might affect my views if I had a better idea of the fraction of > clients out there which only do plaintext passwords. If nobody did > cram-md5, this would be irrelevant. If everyone did cram-md5, we > wouldn't need to support plaintext passwords. But is it 90-10, > 50-50, or what? > > I need that information to evaluate your proposal. I don't have it. Sorry we don't have that information and we are unlikely to be able to provide a definitive answer. Some clients use only plain-text, some use cram-md5. ndmpd supports multiple versions of the protocol and there are may be some older clients that use plain-text but newer revisions of those same clients use v4 and cram-md5. We haven't tested clients that use cram-md5 to see if they fallback to plain-text because ndmpd currenntly offers both options and the client is free to choose the algorithm at its discretion. We don't have access to every client and some certifications are done by client vendors at their sites, i.e. we haven't had an opportunity to test in-house with all the clients with which ndmpd has been certified. Alan
