On Mar 23, 2007, at 10:04, Jim Rees wrote:

> Robert Banz wrote:
>
>> I know that this would be an "rx" change, but doing something like an
>> anonymous DH exchange with servers the first time you talk to them
>> would allow you to create a connection that would be resistant to
>> this sort of hijacking.
>
> Yes, but if we're going to change something, I think it would be useful for the client to authenticate the server. If it doesn't, I don't see that
> we've really improved the situation.

So, you're going to issue client credentials to all of your AFS clients?

A valiant attempt, but I see practicality and management issues. ;)

I think it's a great idea, but the ability to fall back to something that's "reasonably secure" would be nice. There's also the approach ssh takes -- the first time you contact the server (ever) we store the server's "key", and keep it around. If something funky DOES happen at some point, you'll know something's rotten...

-rob
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
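The ssh-style fallback Rob describes, as an added example that is not part of the thread and not OpenAFS or Rx code: a trust-on-first-use (TOFU) store that pins a server's public key fingerprint the first time the client sees it and refuses any later connection where the presented key differs. The server names, key bytes and the `known_servers.json` file name are constructed for the example. It also shows the caveat Jim raises: the very first contact is accepted unverified, so a pin made while an attacker already sits in the path would pin the attacker's key; the store therefore keeps a separate, explicit `rotate` step for administrator-verified key changes rather than silently overwriting a pin on mismatch.

```python
"""Trust-on-first-use pinning of server public keys.

Added example (not OpenAFS/Rx code). A client remembers the fingerprint
of each server's public key the first time it sees it, and later flags any
change as a possible hijack. Keys and server names below are constructed.
"""
import hashlib
import json
from pathlib import Path
from typing import Dict, Optional

# Verdicts returned by KnownServers.check()
FIRST_USE = "first-use"   # never seen before; pinned optimistically (unverified!)
MATCH = "match"           # same key as the pinned one
MISMATCH = "mismatch"     # key changed; treat as hijack until verified out of band


def fingerprint(public_key: bytes) -> str:
    """Stable identifier for a public key: SHA-256 hex digest of its bytes."""
    return hashlib.sha256(public_key).hexdigest()


class KnownServers:
    """Map of server identity -> pinned key fingerprint, optionally on disk.

    Mirrors the role of ssh's known_hosts: the store is the only thing that
    ties a server name to a key, so it must be writable only by the client.
    """

    def __init__(self, path: Optional[Path] = None):
        self.path = path                       # None keeps the store in memory
        self.pins: Dict[str, str] = {}
        if path is not None and path.exists():
            self.pins = json.loads(path.read_text())

    def _save(self) -> None:
        if self.path is not None:
            self.path.write_text(json.dumps(self.pins, indent=2, sort_keys=True))

    def check(self, server: str, public_key: bytes) -> str:
        """Compare the key a server presented against the pin for that server.

        A mismatch never overwrites the pin: that is exactly the case where
        the connection should be refused and a human asked to look.
        """
        presented = fingerprint(public_key)
        pinned = self.pins.get(server)
        if pinned is None:
            self.pins[server] = presented      # first contact: trust and record
            self._save()
            return FIRST_USE
        return MATCH if pinned == presented else MISMATCH

    def rotate(self, server: str, public_key: bytes) -> None:
        """Replace a pin after the new key was verified out of band (admin action)."""
        self.pins[server] = fingerprint(public_key)
        self._save()


def may_connect(store: KnownServers, server: str, presented_key: bytes) -> bool:
    """Policy hook a connection setup would call: only a mismatch blocks."""
    return store.check(server, presented_key) != MISMATCH


def demo() -> list:
    """Walk through first contact, a normal reconnect, and a changed key."""
    store = KnownServers()                     # in-memory for the demo
    key_a = b"constructed-fileserver-key-A"    # constructed key bytes
    key_b = b"constructed-fileserver-key-B"    # a different key, e.g. an impostor's
    server = "fs1.example.org"                 # constructed server name
    return [
        store.check(server, key_a),            # first-use: pinned, unverified
        store.check(server, key_a),            # match
        store.check(server, key_b),            # mismatch: pin is kept, refuse
        store.check(server, key_a),            # still match: pin not clobbered
    ]


if __name__ == "__main__":
    for step, verdict in enumerate(demo(), 1):
        print(f"contact {step}: {verdict}")
    store = KnownServers(Path("known_servers.json"))   # constructed file name
    print("may connect:", may_connect(store, "fs1.example.org", b"constructed-fileserver-key-A"))
```

Note that this detects a key change after the first contact but cannot tell a legitimate key rollover from an attacker; that ambiguity is why `rotate` is a separate, deliberate action and why Jim's point about real server authentication still stands.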
