logo_kerberos.gif

Difference between revisions of "Roadmap"

From K5Wiki
Jump to: navigation, search
(Timeline)
(26 intermediate revisions by the same user not shown)
Line 1: Line 1:
This is the outline of the '''development roadmap''' for MIT Kerberos.
 +
This is the outline of the '''development roadmap''' for MIT Kerberos. A more comprehensive [[Projects | list of projects]] is also available; some individual projects have links below.
   
 
== Timeline ==
  
== Timeline ==
Line 5: Line 5:
 
Target 6 to 12 month cycle. (9 months plus/minus 3)
  
Target 6 to 12 month cycle. (9 months plus/minus 3)
   
; krb5-1.8
  
  +
Releases will have a 2-year maintenance lifetime, subject to changes based on sponsor or community input.
: Branch Dec. 2009
  
  +
:* consider shortening testing cycle to two months or less
  
  +
; [[Release_1.8|krb5-1.8]]
  +
: Branch Jan. 2009
 
: Release early Mar. 2010
  
: Release early Mar. 2010
   
; krb5-1.9
 +
; [[Release_1.9|krb5-1.9]]
: Branch Sep. 2010
 +
: Branch Oct. 2010
 
: Release Dec. 2010
  
: Release Dec. 2010
  +
  +
; krb5-1.10
  +
: Branch Jul. 2011
  +
: Release Sep. 2011
   
 
== Guiding principles ==
  
== Guiding principles ==
   
 
* Code quality
  
* Code quality
* Modularity
  
  +
* Developer experience (including modularity)
 
* End-user experience
  
* End-user experience
 
* Administrator experience
  
* Administrator experience
 
* Performance
  
* Performance
 
* Protocol evolution
  
* Protocol evolution
  +
  +
== Current roadmap items ==
   
 
=== Code quality ===
  
=== Code quality ===
   
* [[Projects/Remove krb4|Remove krb4]] (1.7)
  
 
* Move toward test-driven development
  
* Move toward test-driven development
  +
** Python-based test framework (1.9)
 
* Increase conformance to coding style
  
* Increase conformance to coding style
** "The Great Reindent"?
  
 
** Selective refactoring
  
** Selective refactoring
* Use safer library functions (ongoing)
  
  +
*** KDC (1.9)
** Avoids false positives
  
  +
** Continue formatting cleanup
** Avoids need to (probably manually) evaluate "unsafe" calls
  
** Stop using strcpy, strcat, sprintf, etc.
  
*** Mostly done
  
*** New internal APIs for complex operations
  
* Reduce commitment to "difficult" platforms
  
** See [[supported platforms]]
  
** Focuses resources more effectively
  
   
=== Modularity ===
 +
=== Developer experience ===
   
* Crypto (1.8)
  
  +
* Crypto modularity -- make sure PKCS#11 etc. work well
** Native (accelerated) crypto API support
  
  +
** NSS back end (1.9)
** Performance optimizations (caching, etc.)
  
  +
* API documentation
** New API design 1.7+
  
  +
* Support readily building subsets
* Support readily building subsets (1.8)
  
 
** "Lite" client
  
** "Lite" client
 
** "Lite" server
  
** "Lite" server
** "GSS-API": separate context establishment from message protection functions, e.g. Solaris user/kernel space split
 +
** GSS-API: separate context establishment from message protection functions, e.g. Solaris user/kernel space split
* GSS-API mechanism glue
 +
* KDC Database modularity (long-term)
** At least rough form to enable NTLM support (1.7)
 +
** SQLite back end
** Possible refinements later (1.8)
  
* KDC Database (long-term)
  
 
** Does the existing DAL make sense?
  
** Does the existing DAL make sense?
 
** Make data model less "blobby"
  
** Make data model less "blobby"
 
** Track IETF data model work
  
** Track IETF data model work
** New API around 1.8
  
  +
* [[Projects/Plugin support improvements | Plugin support improvements]]
** New implementation around 1.9
  
  +
** [[Projects/Alternative PRNG | PRNG]]
  +
** GSS-API mechanism glue
  +
** DNS / host-to-realm mapping
  +
** Profile / configuration
 
* Secure co-processor ("would be nice")
  
* Secure co-processor ("would be nice")
   
 
=== End-user experience ===
  
=== End-user experience ===
   
* Enhanced error messages for GSS-API (done)
  
  +
* Localization
* Referrals (1.7)
  
** DNS independence via referrals
  
* Localization of static error strings (1.7+)
  
 
* Credential management
  
* Credential management
 
** KIM API (done)
  
** KIM API (done)
 
** Cross-platform CCAPI
  
** Cross-platform CCAPI
 
*** Done for Mac & Windows
  
*** Done for Mac & Windows
*** UNIX implementation (1.7+)
 +
*** UNIX implementation
   
 
=== Administrator Experience ===
  
=== Administrator Experience ===
   
* Incremental propagation (1.7)
  
  +
* Add interface to purge old keys (1.8 patch?)
** Integrated; needs cleanup
  
  +
* Add interface to delete keys of specific enctypes (1.8 patch?)
  +
* Disable enctypes at compile time (1.8 patch?)
  +
* [[Projects/Trace logging|Trace logging]] for easier troubleshooting (1.9)
  +
* Plugins for password quality checks (1.9)
  +
* Print enctypes using the "input form" string
  +
* Improve IPv6 support
 
* Improve key rollover
  
* Improve key rollover
** Master key (1.7)
  
  +
** Application service keys
** Application service keys (1.8)
  
 
* Decrease DNS-related fragility
  
* Decrease DNS-related fragility
** Investigate LHA/Apple proposal to store config information in ccache to signal when a realm supports referrals and thus the option to eschew reverse DNS resolution
  
  +
* Plugins for login failure lockout
* Audit support (log all ticket requests) (1.7+)
  
  +
* Plugins for audit support
* Disable DES by default (1.8)
  
  +
* Plugins for password synchronization
** Investigate doing this for 1.7 and removing single-DES completely by 1.8
  
  +
* Plugins for ticket issuance access control
** Add more versatile facilities for configuring cryptosystems
  
  +
* Friendlier smart card support
   
 
=== Performance ===
  
=== Performance ===
   
* Decrease DNS traffic (1.7)
 +
* Decrease DNS traffic
** Stop trying to crawl up to the root
 +
* Client resolution of KDC (etc.) addresses can be very slow. Decouple address resolution from initiation of KDC communications. (requires some redesign of internal interfaces)
 
* Replay cache ("rcache")
  
* Replay cache ("rcache")
** Disable on KDC (1.7)
 +
** Disable on KDC
 
*** Avoids known false-positive issues
  
*** Avoids known false-positive issues
** Collision avoidance (1.7+)
  
  +
** Improve implementation
** Improve implementation (1.7+)
  
  +
** Support disabling by service type name
** Support disabling by service type name (1.7+)
  
  +
* Enhancements to improve concurrency
  +
** Explicit state
  +
** Reduce mutex contention
  +
** Support asynchronous APIs and frameworks such as Apple's Grand Central Dispatch; begin refactoring code to make this easier
  +
  +
=== Protocol evolution ===
  +
  +
* IAKERB (1.9)
  +
* Camellia (1.9)
  +
* International strings in protocol (need IETF feedback)
  +
** Principal names
  +
** Error strings, etc. (need language tag negotiation)
  +
* Timestamp-independence
  +
* Replay-proofing protocols
  +
* Encryption algorithm updates (SHA-2, SHA-3, CCM, GCM)
  +
* PKU2U
  +
* One time password support
  +
  +
== Completed roadmap items ==
  +
  +
=== Code quality ===
  +
  +
* [[Projects/Remove krb4|Remove krb4]] (1.7)
  +
* Move applications to separate distribution (1.8)
  +
* Use safer library functions
  +
** Avoids false positives
  +
** Avoids need to (probably manually) evaluate "unsafe" calls
  +
** Stop using strcpy, strcat, sprintf, etc.
  +
*** Mostly done
  +
*** New internal APIs for complex operations
  +
* Reduce commitment to "difficult" platforms
  +
** See [[supported platforms]]
  +
** Focuses resources more effectively
  +
  +
=== Developer experience ===
  +
  +
* GSS-API mechglue changes to enable NTLM support (1.7)
  +
* Crypto modularity (1.8)
  +
** Native (accelerated) crypto API support
  +
** Performance optimizations (caching, etc.)
  +
** New API design for [[Projects/Encryption performance|encryption performance]] (1.8)
  +
* "The Great Reindent" (1.8)
  +
  +
=== End-user experience ===
  +
  +
* Referrals (1.7)
  +
  +
=== Administrator experience ===
  +
  +
* Incremental propagation (1.7)
  +
* Master key rollover (1.7)
  +
* Auditing support (log all ticket requests) (1.7)
  +
* Disable DES by default (1.8)
  +
** Add more versatile facilities for [[Projects/Enctype_config_enhancements|configuring cryptosystems]] (1.8)
  +
* [[Projects/Lockout|Lockout]] for repeated login failures (1.8)
  +
** Implement LHA/Apple proposal to store config information in ccache to signal when a realm supports referrals and thus the future capability to eschew reverse DNS resolution (1.8)
  +
  +
=== Performance ===
  +
 
* New crypto API (1.8) facilitates optimizations
  
* New crypto API (1.8) facilitates optimizations
* Concurrency
  
  +
* Replay cache ("rcache")
  +
** Collision avoidance (1.7)
   
 
=== Protocol evolution ===
  
=== Protocol evolution ===
Line 105: Line 166:
 
* Anonymous PKINIT (1.8)
  
* Anonymous PKINIT (1.8)
 
* FAST (done in 1.7 for a subset; IETF)
  
* FAST (done in 1.7 for a subset; IETF)
* International strings in protocol (1.8+; IETF)
  
  +
* FAST negotiation (1.8)
* Timestamp-independence (1.8, 1.9)
  
* Replay-proofing protocols (1.8, 1.9)
  

Revision as of 15:12, 9 August 2010

This is the outline of the development roadmap for MIT Kerberos. A more comprehensive list of projects is also available; some individual projects have links below.

Timeline

Target 6 to 12 month cycle. (9 months plus/minus 3)

Releases will have a 2-year maintenance lifetime, subject to changes based on sponsor or community input.

krb5-1.8
Branch Jan. 2009
Release early Mar. 2010
krb5-1.9
Branch Oct. 2010
Release Dec. 2010
krb5-1.10
Branch Jul. 2011
Release Sep. 2011

Guiding principles

  • Code quality
  • Developer experience (including modularity)
  • End-user experience
  • Administrator experience
  • Performance
  • Protocol evolution

Current roadmap items

Code quality

  • Move toward test-driven development
    • Python-based test framework (1.9)
  • Increase conformance to coding style
    • Selective refactoring
      • KDC (1.9)
    • Continue formatting cleanup

Developer experience

  • Crypto modularity -- make sure PKCS#11 etc. work well
    • NSS back end (1.9)
  • API documentation
  • Support readily building subsets
    • "Lite" client
    • "Lite" server
    • GSS-API: separate context establishment from message protection functions, e.g. Solaris user/kernel space split
  • KDC Database modularity (long-term)
    • SQLite back end
    • Does the existing DAL make sense?
    • Make data model less "blobby"
    • Track IETF data model work
  • Plugin support improvements
    • PRNG
    • GSS-API mechanism glue
    • DNS / host-to-realm mapping
    • Profile / configuration
  • Secure co-processor ("would be nice")

End-user experience

  • Localization
  • Credential management
    • KIM API (done)
    • Cross-platform CCAPI
      • Done for Mac & Windows
      • UNIX implementation

Administrator Experience

  • Add interface to purge old keys (1.8 patch?)
  • Add interface to delete keys of specific enctypes (1.8 patch?)
  • Disable enctypes at compile time (1.8 patch?)
  • Trace logging for easier troubleshooting (1.9)
  • Plugins for password quality checks (1.9)
  • Print enctypes using the "input form" string
  • Improve IPv6 support
  • Improve key rollover
    • Application service keys
  • Decrease DNS-related fragility
  • Plugins for login failure lockout
  • Plugins for audit support
  • Plugins for password synchronization
  • Plugins for ticket issuance access control
  • Friendlier smart card support

Performance

  • Decrease DNS traffic
  • Client resolution of KDC (etc.) addresses can be very slow. Decouple address resolution from initiation of KDC communications. (requires some redesign of internal interfaces)
  • Replay cache ("rcache")
    • Disable on KDC
      • Avoids known false-positive issues
    • Improve implementation
    • Support disabling by service type name
  • Enhancements to improve concurrency
    • Explicit state
    • Reduce mutex contention
    • Support asynchronous APIs and frameworks such as Apple's Grand Central Dispatch; begin refactoring code to make this easier

Protocol evolution

  • IAKERB (1.9)
  • Camellia (1.9)
  • International strings in protocol (need IETF feedback)
    • Principal names
    • Error strings, etc. (need language tag negotiation)
  • Timestamp-independence
  • Replay-proofing protocols
  • Encryption algorithm updates (SHA-2, SHA-3, CCM, GCM)
  • PKU2U
  • One time password support

Completed roadmap items

Code quality

  • Remove krb4 (1.7)
  • Move applications to separate distribution (1.8)
  • Use safer library functions
    • Avoids false positives
    • Avoids need to (probably manually) evaluate "unsafe" calls
    • Stop using strcpy, strcat, sprintf, etc.
      • Mostly done
      • New internal APIs for complex operations
  • Reduce commitment to "difficult" platforms

Developer experience

  • GSS-API mechglue changes to enable NTLM support (1.7)
  • Crypto modularity (1.8)
    • Native (accelerated) crypto API support
    • Performance optimizations (caching, etc.)
    • New API design for encryption performance (1.8)
  • "The Great Reindent" (1.8)

End-user experience

  • Referrals (1.7)

Administrator experience

  • Incremental propagation (1.7)
  • Master key rollover (1.7)
  • Auditing support (log all ticket requests) (1.7)
  • Disable DES by default (1.8)
  • Lockout for repeated login failures (1.8)
    • Implement LHA/Apple proposal to store config information in ccache to signal when a realm supports referrals and thus the future capability to eschew reverse DNS resolution (1.8)

Performance

  • New crypto API (1.8) facilitates optimizations
  • Replay cache ("rcache")
    • Collision avoidance (1.7)

Protocol evolution

  • Encryption algorithm negotiation (1.7)
  • Microsoft Kerberos extensions (1.7)
  • Improved PKINIT support (1.7)
  • Anonymous PKINIT (1.8)
  • FAST (done in 1.7 for a subset; IETF)
  • FAST negotiation (1.8)
Retrieved from "https://k5wiki.kerberos.org/wiki?title=Roadmap&oldid=3583"