From: Nicolas Williams (Nicolas.Williams@sun.com)
Date: 10/30/03-05:09:55 PM Z
From: Nicolas Williams <Nicolas.Williams@sun.com> Subject: Re: [nfsv4] AUTH_GSS for Callbacks Message-ID: <20031030230955.GC26891@binky.central.sun.com> Date: Thu, 30 Oct 2003 15:09:55 -0800 On Thu, Oct 30, 2003 at 05:41:37PM -0500, wurzl, mario wrote: > As protocol designers and implementers it is our duty to make a product to > easy to use as possible. > IT managers and administrators already complain about the complexities in > deploying and managing information systems, and the tendency is "again" > towards thin clients, but this time not because of the cost of the clients > as it has been in the past, but because of the cost in setting up and > managing these clients. > Introducing a new protocol that increases client administration costs, is > probably the most effective way to discourage deployment, and send the > protocol to the same basket with other great but unmanageable ideas, like > OSI. Single-user clients should not require acceptor credentials, but it does help if they have acceptor credentials (i.e., it will be more convenient to the user in general). Multi-user clients need acceptor credentials to really be secure. All that said, single-user clients using LIPKEY will not be able to use secure callback channels without SPKM-3 initiator and acceptor creds. This is a flaw in the spec that I think we can fix (repeat after me: CCM-MIC, CCM-MIC, CCM-MIC). Cheers, Nico -- _______________________________________________ nfsv4 mailing list nfsv4@ietf.org https://www1.ietf.org/mailman/listinfo/nfsv4
This archive was generated by hypermail 2.1.2 : 03/04/05-02:12:52 AM Z CST