From: Mike Eisler (mre@eng.sun.com)
Date: 11/16/99-08:26:53 AM Z
Date: Tue, 16 Nov 1999 06:26:53 -0800 (PST)
From: Mike Eisler <mre@eng.sun.com>
Subject: proposal: make lipkey mandatory to implement
Message-ID: <Roam.SIMC.2.0.6.942762413.32053.mre@eng.sun.com>

At the D.C. IETF WG meeting last week, I presented a proposal to make LIPKEY mandatory to implement. I've presented LIPKEY to the nfsv4 WG meetings at previous meetings (Oslo, 1999 and San Jose, 1999). In San Jose, LIPKEY had a warm reception. In Oslo, it had a lukewarm reception.

Rather than repeat what I said in D.C., I refer the WG to my presentation.

http://playground.sun.com/~mre/lipkey/

One risk in doing this is that LIPKEY is still an internet-draft, and so if the nfsv4 internet draft makes a reference to it, it will be held up for publication until lipkey is approved. On the flip side, lipkey has encountered little opposition within the CAT working group where it is a work item. LIPKEY is pretty close to being complete, and I anticipate making one more revision to the document.

Another risk is the lack of readily available implementations. LIPKEY itself is trivial, but it is layered over the Simple Public Key Mechanism (SPKM). There aren't any freely available reference implementations of SPKM in source code form. Most of the complexity of SPKM is bound up in ASN.1 encoding and decoding. Using something like XDR doesn't really buy much simplicity, because public key data types like certificates are derived from standards like X.509 which use ASN.1.

My belief is that one could take the freely available SSLeay code and whack it into an SPKM mechanism. Jack Kabat of Valicert even has an ASN.1 compiler (available under terms that seem similar to the Debian BSD license) that takes ASN.1 descriptions and converts them into C code that uses the SSLeay library's ASN.1 primitives (see http://www.valicert.com/download/ and look for ASN.1 Parser). If I didn't already have an SPKM implementation, that would be the direction I would implement toward.

Comments welcome.

-mre