Coda File System

Re: XOR in Coda

From: M. Satyanarayanan <satya_at_cs.cmu.edu>
Date: Tue, 17 Feb 2004 22:54:54 -0500

> Given the current rules, are you willing to bring strong
> authentication (which has always been ok) and confidentiality into
> RPC2? 

What are the rules these days?  Is the scene stable enough that
we don't have to rip out encryption code and put it back each
time the political pendulum swings?   I haven't been following
this stuff in the past few years, and wonder what 9/11 has done
to this area.  I would hate to see hard work having to be undone,
or Coda's distribution being restricted.

> This is tricky; encryption doesn't give you integrity.  From
> what I read in rpc2-src/secure.c, there is the concept of
> encrypt/decrypt, but no expansion is allowed (leaving no room for a
> message integrity code) and the encryption must work on arbitrary byte
> boundaries.  I suspect a mode like ciphertext stealing would work
> here, but I'm rusty on the details.
> It was not apparent on reading the code how authentication is handled
> (separately from encryption, it seems, but I couldn't follow it).

The right thing to aim for is a tasteful job of fixing RPC2.
If you (hopefully helped by others) were to work with Jan to come up
with a good design that does the right thing with at most small violence to
existing code structure, that would be ideal.  We can probably live 
with a one-time RPC2 incompatible version change (detectable, since we
do have RPC2 version numbers).  But there are lots of details to get
right in one go.  The right mindset here is laparoscopic surgery --- one
does have to make an incision, remove bad stuff, and 
put new good stuff in.   But one can aim to do it in a way that
keeps incidental damage small --- zero is probably impossible,
but small should be possible.   Ultimately, I trust Jan's 
judgement in matters of taste concerning Coda --- so if it
passes Jan's eagle eye, it's fine with me.   I can't imagine
Jan having the cycles to do this himself (along with 64 bit
cleanup, better RVM usage, LDAP, .....).  So it will require you and
others to take the lead.  That's after all the power of open source!

Here's an invitation:  would you and a few others like to visit
Carnegie Mellon and brainstorm on this for a few concentrated
days?  Maybe even hack the code with Jan and get it done?
Maybe a week-long Codafest?

            -- Satya
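The quoted concern above, that RPC2's secure.c must encrypt on arbitrary byte boundaries with no expansion and that encryption alone gives no integrity, illustrated with added example code that is not part of this thread and not Coda's or RPC2's own code. It implements CBC with ciphertext stealing over a toy 8-byte Feistel permutation built from SHA-256 (an assumption standing in for a real block cipher, chosen only so the block runs with the standard library), and a check that a flipped ciphertext bit decrypts without any error, which is exactly why a message integrity code would still be needed.

```python
import hashlib
BLOCK = 8  # toy block size in bytes; the Feistel below stands in for a real block cipher

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def _f(key, half, i):  # Feistel round function derived from SHA-256 (keyed, 4-byte output)
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def enc_block(key, blk):  # 4-round Feistel network: a keyed, invertible permutation (toy only)
    l, r = blk[:4], blk[4:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, r, i))
    return l + r
def dec_block(key, blk):
    l, r = blk[:4], blk[4:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, l, i)), l
    return l + r

def cbc_decrypt(key, iv, data):  # plain CBC decryption over whole blocks
    c = [iv] + [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return b"".join(_xor(dec_block(key, c[i]), c[i - 1]) for i in range(1, len(c)))

def cs_encrypt(key, iv, pt):  # CBC with ciphertext stealing: len(ct) == len(pt), no expansion
    full, rem = divmod(len(pt), BLOCK)
    if full == 0:
        raise ValueError("ciphertext stealing needs at least one full block")
    c = [iv]
    for i in range(0, full * BLOCK, BLOCK):          # ordinary CBC over the full blocks
        c.append(enc_block(key, _xor(c[-1], pt[i:i + BLOCK])))
    if rem == 0:
        return b"".join(c[1:])
    tail = pt[full * BLOCK:] + bytes(BLOCK - rem)    # zero-pad the final partial block
    last = enc_block(key, _xor(c[-1], tail))         # C_m = E(C_{m-1} xor pad(P_m))
    return b"".join(c[1:-1]) + last + c[-1][:rem]    # emit C_m whole, C_{m-1} truncated

def cs_decrypt(key, iv, ct):
    full, rem = divmod(len(ct), BLOCK)
    if rem == 0:
        return cbc_decrypt(key, iv, ct)
    stolen = ct[full * BLOCK:]                            # the rem surviving bytes of C_{m-1}
    d = dec_block(key, ct[(full - 1) * BLOCK:full * BLOCK])  # = C_{m-1} xor pad(P_m)
    head = cbc_decrypt(key, iv, ct[:(full - 1) * BLOCK] + stolen + d[rem:])
    return head + _xor(d[:rem], stolen)                   # P_m = D(C_m)[:rem] xor C_{m-1}[:rem]

def tamper_goes_undetected(key, iv, pt):  # flip one ciphertext bit: decryption still "succeeds"
    ct = bytearray(cs_encrypt(key, iv, pt))
    ct[0] ^= 0x80
    out = cs_decrypt(key, iv, bytes(ct))
    return len(out) == len(pt) and out != pt   # no error, same length, silently wrong data
```

Inputs shorter than one block are rejected, which is the one boundary ciphertext stealing cannot cover; an RPC2 packet format would have to guarantee that minimum or handle it separately.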
Received on 2004-02-18 10:50:22