Hi Tom,
 In a recent codalist message, you asked:

> If I understand correctly, Coda security is currently completely (and securely)
> implemented, except for the single quirk that only the RPC2_XOR encryption
> method is available. Correct? Am I right to think that it's just a matter of
> adding DES en-/decryption support to ...rpc2/rpc2-src/secure.c (and, possibly,
> other methods along with new constants in ...rpc2/include/rpc2/rpc2.h), and
> there will be support for proper security on the wire? It seems, though, that
> Coda will not use it, as the RPC2_OPENKIMONO and RPC2_XOR values are explicitly
> coded into the Coda source. Should changing these to RPC2_SECURE and RPC2_DES
> (or some other encryption scheme) be expected to work?

That will get you a long way, but not all the way.  For one, the
bulk transfer (SFTP) data is not encrypted so that code needs to
be added.  Also, the some kind of checksum on packets is needed
to ensure integrity.  These are the 3 "biggies".

Beyond that point, there are many corner cases that need to be
identified and addressed.  For example, behavior of disconnected
clients with expired tokens.  The system currently incorporates a
certain behavior.  Whether this is "correct" behavior needs to be
revisited.  Similarly for cases such as multiple users at one
client, etc.  Also whether one should rely on Coda's own auth2
authentication server (very old, pre-Kerberos), or just
completely replace with Kerberos or something else.   I'm sure
we'll stumble across plenty of other small things as well.

Not all of these changes need to happen at once.  The most
critical are the 3 biggies above.  These will require
a wire protocol upgrade, so not upward compatible and will need to
happen together to minimize disruption.  That will get Coda much
closer to a secure system, and then incremental improvements can
be done to close the remaining vulnerabilities.

Here is a message that I sent to codalist some years ago clarifying 
status of Coda security.   A lot of it is still relevant:  
 http://www.coda.cs.cmu.edu/maillists/codalist/codalist-1999/1941.html

Some things mentioned in the message (like multiple Coda
realms/cells) have happened.  Others still need to be done. Both
Peter Braam and Robert Watson who were working on security at
that time have long left the Coda project.  So no major effort
has been put into security since roughly 1999.

In the past year, many people (most notably Greg Troxel, Ivan
Popov, Mark Phalan, and yourself) have focused attention again on
Coda security.  Perhaps it is time for a group effort to move
this aspect of Coda forward?  Jan cannot do it all (amazing as he
is :-)). If enough people are interested and willing to contribute
their time, we can work out the details of collaboration offline.
Just drop Jan and me a note indicating your interest/willingness.

For completeness, here is a paper on the AFS-2 security model,
on which Coda security is based.  Good background reading
that gives much of the concepts and rationale for Coda security.
Just change all occurences of "AFS" to "Coda" in the paper, and
almost all of what it says still applies (a scary thought for
a paper that is 15 years old!):

 "Integrating Security in a Large Distributed System"
 Satyanarayanan, M., ACM Transactions on Computer Systems,
 Vol 7, No. 3,  August 1989

  Cheers
             -- Satya