Thanks for your explanation, Satya!

> Not all of these changes need to happen at once.  The most critical
> are the 3 biggies above.  These will require a wire protocol
> upgrade, so not upward compatible and will need to happen together
> to minimize disruption.

...and the 3 biggies aren't that big, really.  We could have them
fixed quite fast.  RPC2 needs a negotiation mechanism for selecting
the best level of security available at both ends, subject to
configurable minimum and maximum levels specified by the application.
(I assume it doesn't have this, since you say a wire protocol upgrade
is involved.)

> That will get Coda much closer to a secure system, and then
> incremental improvements can be done to close the remaining
> vulnerabilities.

Kerberos integration (instead of, or in addition to, auth2), would be
a great such improvement.  This has become especially relevant now
that Windows uses Kerberos -- a venus for Windows that authenticates
automatically, using Windows credentials, would be a cool feature.

> If enough people are interested and willing to contribute their
> time, we can work out the details of collaboration offline.  Just
> drop Jan and me a note indicating your interest/willingness.

I'll certainly want to contribute something -- but I'll first take a
look at things, and decide where I can realistically be of most help.
The documentation is sorely in need of cleaning up and updating...

-tih
-- 
Tom Ivar Helbekkmo, Senior System Administrator, EUnet Norway
www.eunet.no  T: +47-22092958 M: +47-93013940 F: +47-22092901