Thanks for your explanation, Satya!

> Not all of these changes need to happen at once. The most critical
> are the 3 biggies above. These will require a wire protocol
> upgrade, so not upward compatible and will need to happen together
> to minimize disruption.

...and the 3 biggies aren't that big, really. We could have them fixed quite fast. RPC2 needs a negotiation mechanism for selecting the best level of security available at both ends, subject to configurable minimum and maximum levels specified by the application. (I assume it doesn't have this, since you say a wire protocol upgrade is involved.)

> That will get Coda much closer to a secure system, and then
> incremental improvements can be done to close the remaining
> vulnerabilities.

Kerberos integration (instead of, or in addition to, auth2) would be a great such improvement. This has become especially relevant now that Windows uses Kerberos -- a venus for Windows that authenticates automatically, using Windows credentials, would be a cool feature.

> If enough people are interested and willing to contribute their
> time, we can work out the details of collaboration offline. Just
> drop Jan and me a note indicating your interest/willingness.

I'll certainly want to contribute something -- but I'll first take a look at things, and decide where I can realistically be of most help. The documentation is sorely in need of cleaning up and updating...

-tih
-- 
Tom Ivar Helbekkmo, Senior System Administrator, EUnet Norway
www.eunet.no  T: +47-22092958 M: +47-93013940 F: +47-22092901

Received on 2004-04-28 12:58:02
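An added example, not part of the original message and not RPC2 code: one way the negotiation described above could select the strongest security level both ends accept, refusing the connection when the application-set minimum/maximum ranges do not overlap. The level names, the sec_policy structure and the negotiate() function are assumptions made for illustration.

```c
#include <stdio.h>

/* Hypothetical security levels, ordered weakest to strongest (not RPC2's own). */
enum { LVL_NONE = 0, LVL_AUTH_ONLY = 1, LVL_INTEGRITY = 2, LVL_ENCRYPT = 3, LVL_COUNT = 4 };

/* One endpoint's offer: what its library implements and what the application allows. */
struct sec_policy {
    unsigned supported; /* bitmask, bit n set = level n is implemented */
    int min_level;      /* application-configured floor */
    int max_level;      /* application-configured ceiling */
};

/* Bitmask of levels this endpoint will accept: implemented and within [min, max]. */
static unsigned acceptable(const struct sec_policy *p)
{
    unsigned mask = 0;
    if (p->min_level < 0 || p->max_level >= LVL_COUNT || p->min_level > p->max_level)
        return 0; /* malformed policy: accept nothing */
    for (int l = p->min_level; l <= p->max_level; l++)
        mask |= 1u << l;
    return mask & p->supported;
}

/* Highest level acceptable to both ends, or -1 meaning "refuse the connection". */
int negotiate(const struct sec_policy *a, const struct sec_policy *b)
{
    unsigned common = acceptable(a) & acceptable(b);
    for (int l = LVL_COUNT - 1; l >= 0; l--)
        if (common & (1u << l))
            return l;
    return -1; /* fail closed: never drop below either side's minimum */
}

int main(void)
{
    /* Constructed sample policies. */
    struct sec_policy client     = { 0xF, LVL_INTEGRITY, LVL_ENCRYPT };
    struct sec_policy old_server = { 0x3, LVL_NONE,      LVL_AUTH_ONLY };
    struct sec_policy new_server = { 0x7, LVL_AUTH_ONLY, LVL_ENCRYPT };
    printf("client vs old server: %d\n", negotiate(&client, &old_server));
    printf("client vs new server: %d\n", negotiate(&client, &new_server));
    return 0;
}
```

The result is only trustworthy if the offers themselves are integrity-protected once the session key exists; otherwise an on-path party can strip the stronger levels from an offer and force the weakest common one.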