(Illustration by Gaich Muramatsu)
(Illustration by Gaich Muramatsu)
> Given the current rules, are you willing to bring strong > authentication (which has always been ok) and confidentiality into > RPC2? What are the rules these days? Is the scene stable enough that we don't have to rip out encryption code and put it back each time the political pendulum swings? I haven't been following this stuff in the past few years, and wonder what 9/11 has done to this area. I would hate to see hard work having to be undone, or Coda's distribution being restricted. > This is tricky; encryption doesn't give you integrity. From > what I read in rpc2-src/secure.c, there is the concept of > encrypt/decrypt, but no expansion is allowed (leaving no room for a > message integrity code) and the encryption must work on arbitrary byte > boundaries. I suspect a mode like ciphertext stealing would work > here, but I'm rusty on the details. > It was not apparent on reading the code how authentication is handled > (separately from encryption, it seems, but I couldn't follow it). The right thing to aim for is a tasteful job of fixing RPC2. If you (hopefully helped by others) were to work with Jan to come up with a good design that does the right thing with at most small violence to existing code structure, that would be ideal. We can probably live with a one-time RPC2 incompatible version change (detectable, since we do have RPC2 version numbers). But there are lots of details to get right in one go. The right mind set here is laproscopic surgery --- one does have to make an incision, remove bad stuff, and put new good stuff in. But one can aim to do it in a way that keeps incidental damage small --- zero is probably impossible, but small should be possible. Ultimately, I trust Jan's judgement in matters of taste concerning Coda --- so if it passes Jan's eagle eye, it's fine with me. I can't imagine Jan having the cycles to do this himself (along with 64 bit cleanup, better RVM usage, LDAP, .....). So it will require you and others to take the lead. That's after all the power of open source! Here's an invitation: would you and a few others like to visit Carnegie Mellon and brainstorm on this for a few concentrated days? Maybe even hack the code with Jan and get it done? Maybe a week-long Codafest? -- SatyaReceived on 2004-02-18 10:50:22