Robert Banz wrote: I know that this would be an "rx" change, but doing something like an anonymous DH exchange with servers the first time you talk to them would allow you to create a connection that would be resistant to this sort of hijacking.
Yes, but if we're going to change something, I think it would be useful for the client to authenticate the server. If it doesn't, I don't see that we've really improved the situation. _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
