What are you looking to get out of rxgk? Is something that uses Kerberos authentication and AES encryption sufficient? Or do you need non-kerberos GSS-API mechanisms?
On Thu, Oct 25, 2012 at 11:08:35PM +0100, Robert Milkowski wrote: > > I agree, that perhaps MIT instead of funding a new implementation, could > actually work with YFS (and pay them) to get their implementation integrated > into OpenAFS? That way all the work done by YFS wouldn't be wasted, and all > of us would get rxgk sooner. > > -- > Robert Milkowski > http://milek.blogspot.com > > > > -----Original Message----- > > From: openafs-devel-ad...@openafs.org [mailto:openafs-devel- > > ad...@openafs.org] On Behalf Of Matt W. Benjamin > > Sent: 25 October 2012 22:38 > > To: Troy Benjegerdes > > Cc: Jeffrey Altman; openafs-info@openafs.org; openafs- > > de...@openafs.org; Benjamin Kaduk > > Subject: Re: [OpenAFS-devel] rxgk development has been funded > > > > Hi, > > > > Obviously, Marcus and I thought having such a mechanism was a good > > idea. When we started work, the idea of "standardizing" the protocol > > hadn't been formalized. > > > > The objections early on amounted somewhat, I feel, to "the great is the > > enemy of the good." It has been claimed that rxk5 is "unreviewable." > > This is special pleading, but, someone still would have to -want- to > > use it, and to review the work. Some people legitimately objected to > > the constant rekeying that rxk5 does, and if that were to be changed, > > you'd need to factor time for that into things. > > > > Having said that, it seems like the best of all possible worlds from > > our current position would be if, somehow, MIT and YFSi could > > collaborate on finalizing YFSi's current draft implementation, rather > > than moving back to square 2. > > > > Yes, I'm a well known skeptic on the topic of "standardization"--but > > I've been an active participant in new protocol design up-front on this > > list. There's no contradiction there: I think we don't need two > > implementations, we need to agree on the design of one. > > > > Regards, > > > > Matt > > > > ----- "Troy Benjegerdes" <ho...@hozed.org> wrote: > > > > > > > > > > > What are the roadblocks to standardizing an 'rxk5' transport that > > > supports any encryption mechanism(s) of the underlying kerberos > > > implementation, but does *not* use GSSAPI? > > > > > > Obviously this does not provide everything a full GSSAPI > > > implementation would, but it would provide some basic functionality. > > > _______________________________________________ > > > OpenAFS-devel mailing list > > > openafs-de...@openafs.org > > > https://lists.openafs.org/mailman/listinfo/openafs-devel > > > > -- > > Matt Benjamin > > The Linux Box > > 206 South Fifth Ave. Suite 150 > > Ann Arbor, MI 48104 > > > > http://linuxbox.com > > > > tel. 734-761-4689 > > fax. 734-769-8938 > > cel. 734-216-5309 > > _______________________________________________ > > OpenAFS-devel mailing list > > openafs-de...@openafs.org > > https://lists.openafs.org/mailman/listinfo/openafs-devel > _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info