Hi all,

In the lead-up to 1.8, there's been some talk about encrypting server-to-server traffic by default; gerrit 11349 for VolForward traffic has been sitting around for a while, but viced traffic to the dbservers could also get encrypted, and the ubik traffic as well.
This would of course need to be configurable for sites which are not willing to pay the performance penalty.

It seems like we may not need or want to introduce individual knobs for each place where afsconf_ClientAuth is used, and could instead have a single knob for everything that lives under the afsconf abstraction. Keeping it under the afsconf abstraction would give us a lot of flexibility in implementation, and also a convenient place to put a knob for using rxgk for client connections as well.

At the moment, I'm thinking about a flat text file with key/value pairs. (Well, just one to start.) Does that seem reasonable? (Any ideas for what to name it?)

Thoughts about whether we should encrypt server-to-server traffic by default are also welcome, including suggesting that discussion move to -info.

-Ben
