From: Brent Callaghan (brent@eng.sun.com)
Date: 12/20/02-06:26:50 PM Z
Message-ID: <3E03B54A.6090604@eng.sun.com>
Date: Fri, 20 Dec 2002 16:26:50 -0800
From: Brent Callaghan <brent@eng.sun.com>
Subject: Re: crypto performance and RPCSEC_GSS

Mike Eisler wrote:
> :
> :
> For the replication/migration protocol, we don't even
> need the lightweight "name" mechanism. Since
> we appear to have reached consensus that there will be just one session
> per transport connection, then at session creation time we would use
> a secure mechanism that identifies the source and target,
> and, if the target believes the connection to be secure,
> negotiate down to AUTH_NONE. We might as well use something
> resembling SECINFO.

If connection-based security is appropriate for a repl-mig
protocol then it would be more appropriate to use a connection-based
standard like SASL, rather than transaction-oriented security
of RPCSEC_GSS.

BTW: another example of an XDR-based protocol that uses
async messaging: NDMP.

Brent