From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Simo Sorce <simo@redhat.com>
Cc: steved@redhat.com, linux-nfs@vger.kernel.org
Subject: Re: [PATCH 0/7] Kill SPKM3 auth method
Date: Fri, 09 Mar 2012 16:31:57 -0500 [thread overview]
Message-ID: <4F5A76CD.9080809@fifthhorseman.net> (raw)
In-Reply-To: <1331322586-4631-1-git-send-email-simo@redhat.com>
On 03/09/2012 02:49 PM, Simo Sorce wrote:
> This authentication method is obsolete and it is time it dies for good.
Can i ask what it has been obsoleted by?
Neither https://tools.ietf.org/html/rfc2025 [SPKM] nor
https://tools.ietf.org/html/rfc2847 [LIPKEY] seem to suggest an
inheritor, and kerberos5 does not provide direct public-key-based
authentication (it's still reliant on an active and trusted third-party).
So it seems like SPKM and LIPKEY offer a cryptographic model that is
otherwise unavailable for authentication between NFS endpoints. What's
the urgency for removal?
--dkg
next prev parent reply other threads:[~2012-03-09 21:32 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-09 19:49 [PATCH 0/7] Kill SPKM3 auth method Simo Sorce
2012-03-09 19:49 ` [PATCH 1/7] Kill SPKM3: Remove spkm3 references from svcgssd Simo Sorce
2012-03-09 19:49 ` [PATCH 2/7] Kill SPKM3: Remove spkm3 support from gssd Simo Sorce
2012-03-09 19:49 ` [PATCH 3/7] Kill SPKM3: remove spkm3 from common gssd code Simo Sorce
2012-03-09 19:49 ` [PATCH 4/7] Kill SPKM3: Remove spkm3 support from nfs.mount Simo Sorce
2012-03-09 19:49 ` [PATCH 5/7] Kill SPKM3: Remove spkm3 support from exports Simo Sorce
2012-03-09 19:49 ` [PATCH 6/7] Kill SPKM3: Stop checking for spkm3.h in configure Simo Sorce
2012-03-09 19:49 ` [PATCH 7/7] Kill SPKM3: Remove mentions of SPKM3 from README Simo Sorce
2012-03-09 20:49 ` [PATCH 0/1] Kill SPKM3 auth method, addendum Simo Sorce
2012-03-09 20:49 ` [PATCH 1/1] Kill SPKM3: Remove also the dependent lipkey mechanism Simo Sorce
2012-03-09 21:31 ` Daniel Kahn Gillmor [this message]
2012-03-09 21:54 ` [PATCH 0/7] Kill SPKM3 auth method J. Bruce Fields
2012-03-11 3:32 ` Daniel Kahn Gillmor
2012-03-12 19:35 ` J. Bruce Fields
2012-03-12 20:35 ` Steve Dickson
-- strict thread matches above, loose matches on Subject: below --
2012-03-09 19:34 Simo Sorce
2012-03-09 20:11 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F5A76CD.9080809@fifthhorseman.net \
--to=dkg@fifthhorseman.net \
--cc=linux-nfs@vger.kernel.org \
--cc=simo@redhat.com \
--cc=steved@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.