What are you looking to get out of rxgk? Is something that uses Kerberos authentication and AES encryption sufficient? Or do you need non-kerberos GSS-API mechanisms?
On Thu, Oct 25, 2012 at 11:08:35PM +0100, Robert Milkowski wrote: > > I agree, that perhaps MIT instead of funding a new implementation, could > actually work with YFS (and pay them) to get their implementation integrated > into OpenAFS? That way all the work done by YFS wouldn't be wasted, and all > of us would get rxgk sooner. > > -- > Robert Milkowski > http://milek.blogspot.com > > > > -----Original Message----- > > From: [email protected] [mailto:openafs-devel- > > [email protected]] On Behalf Of Matt W. Benjamin > > Sent: 25 October 2012 22:38 > > To: Troy Benjegerdes > > Cc: Jeffrey Altman; [email protected]; openafs- > > [email protected]; Benjamin Kaduk > > Subject: Re: [OpenAFS-devel] rxgk development has been funded > > > > Hi, > > > > Obviously, Marcus and I thought having such a mechanism was a good > > idea. When we started work, the idea of "standardizing" the protocol > > hadn't been formalized. > > > > The objections early on amounted somewhat, I feel, to "the great is the > > enemy of the good." It has been claimed that rxk5 is "unreviewable." > > This is special pleading, but, someone still would have to -want- to > > use it, and to review the work. Some people legitimately objected to > > the constant rekeying that rxk5 does, and if that were to be changed, > > you'd need to factor time for that into things. > > > > Having said that, it seems like the best of all possible worlds from > > our current position would be if, somehow, MIT and YFSi could > > collaborate on finalizing YFSi's current draft implementation, rather > > than moving back to square 2. > > > > Yes, I'm a well known skeptic on the topic of "standardization"--but > > I've been an active participant in new protocol design up-front on this > > list. There's no contradiction there: I think we don't need two > > implementations, we need to agree on the design of one. > > > > Regards, > > > > Matt > > > > ----- "Troy Benjegerdes" <[email protected]> wrote: > > > > > > > > > > > What are the roadblocks to standardizing an 'rxk5' transport that > > > supports any encryption mechanism(s) of the underlying kerberos > > > implementation, but does *not* use GSSAPI? > > > > > > Obviously this does not provide everything a full GSSAPI > > > implementation would, but it would provide some basic functionality. > > > _______________________________________________ > > > OpenAFS-devel mailing list > > > [email protected] > > > https://lists.openafs.org/mailman/listinfo/openafs-devel > > > > -- > > Matt Benjamin > > The Linux Box > > 206 South Fifth Ave. Suite 150 > > Ann Arbor, MI 48104 > > > > http://linuxbox.com > > > > tel. 734-761-4689 > > fax. 734-769-8938 > > cel. 734-216-5309 > > _______________________________________________ > > OpenAFS-devel mailing list > > [email protected] > > https://lists.openafs.org/mailman/listinfo/openafs-devel > _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
