Re: [nfsv4] AUTH_GSS for Callbacks
Nicolas Williams <Nicolas.Williams@sun.com> Thu, 30 October 2003 23:15 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA19731 for <nfsv4-archive@odin.ietf.org>; Thu, 30 Oct 2003 18:15:25 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AFM0R-0007zE-AP for nfsv4-archive@odin.ietf.org; Thu, 30 Oct 2003 18:15:07 -0500
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h9UNF7MT030694 for nfsv4-archive@odin.ietf.org; Thu, 30 Oct 2003 18:15:07 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AFM0P-0007yw-MK for nfsv4-web-archive@optimus.ietf.org; Thu, 30 Oct 2003 18:15:07 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA19684 for <nfsv4-web-archive@ietf.org>; Thu, 30 Oct 2003 18:14:53 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AFM0M-0004UB-00 for nfsv4-web-archive@ietf.org; Thu, 30 Oct 2003 18:15:02 -0500
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 1AFM0M-0004U8-00 for nfsv4-web-archive@ietf.org; Thu, 30 Oct 2003 18:15:02 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AFM0M-0007xl-TI; Thu, 30 Oct 2003 18:15:02 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AFLzb-0007vK-TP for nfsv4@optimus.ietf.org; Thu, 30 Oct 2003 18:14:16 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA19599 for <nfsv4@ietf.org>; Thu, 30 Oct 2003 18:14:03 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AFLzY-0004SG-00 for nfsv4@ietf.org; Thu, 30 Oct 2003 18:14:12 -0500
Received: from brmea-mail-2.sun.com ([192.18.98.43]) by ietf-mx with esmtp (Exim 4.12) id 1AFLzY-0004SD-00 for nfsv4@ietf.org; Thu, 30 Oct 2003 18:14:12 -0500
Received: from centralmail2brm.Central.Sun.COM ([129.147.62.14]) by brmea-mail-2.sun.com (8.12.10/8.12.9) with ESMTP id h9UNE3Ph007595; Thu, 30 Oct 2003 16:14:03 -0700 (MST)
Received: from binky.central.sun.com (binky.Central.Sun.COM [129.153.128.104]) by centralmail2brm.Central.Sun.COM (8.12.10+Sun/8.12.10/ENSMAIL,v2.2) with ESMTP id h9UNE258024588; Thu, 30 Oct 2003 16:14:03 -0700 (MST)
Received: from binky.central.sun.com (localhost [127.0.0.1]) by binky.central.sun.com (8.12.5+Sun/8.12.3) with ESMTP id h9UN9uQx026925; Thu, 30 Oct 2003 15:09:56 -0800 (PST)
Received: (from nw141292@localhost) by binky.central.sun.com (8.12.5+Sun/8.12.3/Submit) id h9UN9tSH026924; Thu, 30 Oct 2003 15:09:55 -0800 (PST)
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: "wurzl, mario" <wurzl_mario@emc.com>
Cc: 'Kevin Coffman' <kwc@citi.umich.edu>, Mike Eisler <mike@eisler.com>, nfsv4@ietf.org
Subject: Re: [nfsv4] AUTH_GSS for Callbacks
Message-ID: <20031030230955.GC26891@binky.central.sun.com>
Mail-Followup-To: "wurzl, mario" <wurzl_mario@emc.com>, 'Kevin Coffman' <kwc@citi.umich.edu>, Mike Eisler <mike@eisler.com>, nfsv4@ietf.org
References: <FA2F59D0E55B4B4892EA076FF8704F55055449CD@srgraham.eng.emc.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <FA2F59D0E55B4B4892EA076FF8704F55055449CD@srgraham.eng.emc.com>
User-Agent: Mutt/1.4i
Sender: nfsv4-admin@ietf.org
Errors-To: nfsv4-admin@ietf.org
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/nfsv4/>
X-Original-Date: Thu, 30 Oct 2003 15:09:55 -0800
Date: Thu, 30 Oct 2003 15:09:55 -0800
On Thu, Oct 30, 2003 at 05:41:37PM -0500, wurzl, mario wrote: > As protocol designers and implementers it is our duty to make a product to > easy to use as possible. > IT managers and administrators already complain about the complexities in > deploying and managing information systems, and the tendency is "again" > towards thin clients, but this time not because of the cost of the clients > as it has been in the past, but because of the cost in setting up and > managing these clients. > Introducing a new protocol that increases client administration costs, is > probably the most effective way to discourage deployment, and send the > protocol to the same basket with other great but unmanageable ideas, like > OSI. Single-user clients should not require acceptor credentials, but it does help if they have acceptor credentials (i.e., it will be more convenient to the user in general). Multi-user clients need acceptor credentials to really be secure. All that said, single-user clients using LIPKEY will not be able to use secure callback channels without SPKM-3 initiator and acceptor creds. This is a flaw in the spec that I think we can fix (repeat after me: CCM-MIC, CCM-MIC, CCM-MIC). Cheers, Nico -- _______________________________________________ nfsv4 mailing list nfsv4@ietf.org https://www1.ietf.org/mailman/listinfo/nfsv4
- [nfsv4] AUTH_GSS for Callbacks rick
- Re: [nfsv4] AUTH_GSS for Callbacks Nicolas Williams
- Re: [nfsv4] AUTH_GSS for Callbacks J. Bruce Fields
- Re: [nfsv4] AUTH_GSS for Callbacks Mike Eisler
- Re: [nfsv4] AUTH_GSS for Callbacks Nicolas Williams
- RE: [nfsv4] AUTH_GSS for Callbacks wurzl, mario
- Re: [nfsv4] AUTH_GSS for Callbacks Nicolas Williams
- Re: [nfsv4] AUTH_GSS for Callbacks J. Bruce Fields
- Re: [nfsv4] AUTH_GSS for Callbacks Mike Eisler
- Re: [nfsv4] AUTH_GSS for Callbacks Kevin Coffman
- RE: [nfsv4] AUTH_GSS for Callbacks wurzl, mario
- Re: [nfsv4] AUTH_GSS for Callbacks Mike Eisler
- Re: [nfsv4] AUTH_GSS for Callbacks Nicolas Williams