[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OpenAFS-devel] Re: MEMORY credential cache interop between Heimdal and MIT?

To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Subject: Re: [OpenAFS-devel] Re: MEMORY credential cache interop between Heimdal and MIT?
From: u+openafsdev-sr55@chalmers.se
Date: Thu, 30 Aug 2007 20:54:47 +0200
Cc: heimdal-discuss@sics.se, OpenAFS Devel <openafs-devel@openafs.org>
In-Reply-To: <200708301715.l7UHF2hX012006@ginger.cmf.nrl.navy.mil>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <20070830153316.GD5381@pappardelle.tekno.chalmers.se> <200708301715.l7UHF2hX012006@ginger.cmf.nrl.navy.mil>
Reply-To: heimdal-discuss@sics.se, u+openafsdev-sr55@chalmers.se
User-Agent: Mutt/1.4.2.1i

Hello Ken,

On Thu, Aug 30, 2007 at 01:15:03PM -0400, Ken Hornstein wrote:
> >You shouldn't contradict the design of the expected environment
> >for your product.
> 
> So you're advocating doing nothing because of some design decisions made
> 30+ years ago?  My experience has shown me that it's possible to do better;

I do not advocate doing nothing :)

I advocate being reasonable. If you (just as a hypothetical example)
prefer PAG to clean design - fine, but then do not call the resulting system
secure, as you broke the assumptions on which the semantics
of the system call set was designed (and still relies on).

> I see no reason the design can't evolve to meet new requirements.  You

The design can evolve given that the changes are compatible.
With a complex design it is hard to do the analysis, and a negative
conclusion usually is more reliable than a positive one.

> might point out that the design hasn't evolved yet; that would be fair,
> but if we don't try stuff now we won't find what works and what doesn't.

So I am helping the evolution by pointing out which things don't :)

Many people seem to believe that PAGs are "right" and that all we need
is a suitable implementation which will make it work.
My point is that this is not exactly the case and that there are other,
more general hinders as well.

Best regards,
Rune

Follow-Ups:
- Re: [OpenAFS-devel] Re: MEMORY credential cache interop between Heimdal and MIT?
  - From: Ken Hornstein <kenh@cmf.nrl.navy.mil>

References:
- Re: [OpenAFS-devel] Re: MEMORY credential cache interop between Heimdal and MIT?
  - From: u+openafsdev-sr55@chalmers.se
- Re: [OpenAFS-devel] Re: MEMORY credential cache interop between Heimdal and MIT?
  - From: Ken Hornstein <kenh@cmf.nrl.navy.mil>

Prev by Date: Re: [OpenAFS-devel] Re: MEMORY credential cache interop between Heimdal and MIT?
Next by Date: Re: [OpenAFS-devel] Re: MEMORY credential cache interop between Heimdal and MIT?
Prev by thread: Re: [OpenAFS-devel] Re: MEMORY credential cache interop between Heimdal and MIT?
Next by thread: Re: [OpenAFS-devel] Re: MEMORY credential cache interop between Heimdal and MIT?
Index(es):
- Date
- Thread