[untrusted clients]

Indeed, and I'm not trying to solve this problem. I keep hearing rumors of patches to replace the xor with something real, and this should avoid the token-revelation problem you describe :-) Perhaps with the new BXA rules these can get integrated into the tree. Using krb5 to get tokens is probably in order, too; that should avoid the users being able to guess server tokens from their own.

For me, the first goal was to be able to run Coda among 20 or so machines where I have fairly tight administrative control over all machines and all users of those machines, and trust all users not to be malicious. I don't, however, trust the network not to have sniffers (especially since it involves WaveLANs). So while the xor tokens are still bogus, only trusted people even see them.

[mariner port]

Now on unix-domain socket, I believe.

[portmapper/dynamic]

My next step is probably to modify the source to set IPSEC policy on sockets, rather than using SPD entries that key off port numbers. I only have one server right now, and the port numbers seem entirely predictable.

Since I last wrote, I have got an IKE daemon (isakmpd from OpenBSD) working with X.509 certificates, and have SAs instantiated dynamically.

Greg Troxel <gdt_at_ir.bbn.com>
Received on 2000-02-29 07:52:26