Difference between revisions of "Roadmap"
From K5Wiki
(→Timeline) |
|||
| (23 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | This is the outline of the '''development roadmap''' for MIT Kerberos. |
+ | This is the outline of the '''development roadmap''' for MIT Kerberos. A more comprehensive [[Projects | list of projects]] is also available; some individual projects have links below. |
== Timeline == |
== Timeline == |
||
Target 6 to 12 month cycle. (9 months plus/minus 3) |
Target 6 to 12 month cycle. (9 months plus/minus 3) |
||
| + | |||
| + | Releases will have a 2-year maintenance lifetime, subject to changes based on sponsor or community input. |
||
; [[Release_1.8|krb5-1.8]] |
; [[Release_1.8|krb5-1.8]] |
||
| Line 9: | Line 11: | ||
: Release early Mar. 2010 |
: Release early Mar. 2010 |
||
| − | ; krb5-1.9 |
+ | ; [[Release_1.9|krb5-1.9]] |
| − | : Branch |
+ | : Branch Oct. 2010 |
: Release Dec. 2010 |
: Release Dec. 2010 |
||
| + | |||
| + | ; krb5-1.10 |
||
| + | : Branch Jul. 2011 |
||
| + | : Release Sep. 2011 |
||
== Guiding principles == |
== Guiding principles == |
||
* Code quality |
* Code quality |
||
| − | * Modularity |
||
| + | * Developer experience (including modularity) |
||
* End-user experience |
* End-user experience |
||
* Administrator experience |
* Administrator experience |
||
* Performance |
* Performance |
||
* Protocol evolution |
* Protocol evolution |
||
| + | |||
| + | == Current roadmap items == |
||
=== Code quality === |
=== Code quality === |
||
| − | * [[Projects/Remove krb4|Remove krb4]] (1.7) |
||
* Move toward test-driven development |
* Move toward test-driven development |
||
| + | ** Python-based test framework (1.9) |
||
* Increase conformance to coding style |
* Increase conformance to coding style |
||
| − | ** "The Great Reindent"? |
||
** Selective refactoring |
** Selective refactoring |
||
| − | * Use safer library functions (ongoing) |
||
| + | *** KDC (1.9) |
||
| − | ** Avoids false positives |
||
| + | ** Continue formatting cleanup |
||
| − | ** Avoids need to (probably manually) evaluate "unsafe" calls |
||
| − | ** Stop using strcpy, strcat, sprintf, etc. |
||
| − | *** Mostly done |
||
| − | *** New internal APIs for complex operations |
||
| − | * Reduce commitment to "difficult" platforms |
||
| − | ** See [[supported platforms]] |
||
| − | ** Focuses resources more effectively |
||
| − | === |
+ | === Developer experience === |
| − | * Crypto (1.8) |
||
| + | * Crypto modularity -- make sure PKCS#11 etc. work well |
||
| − | ** Native (accelerated) crypto API support |
||
| + | ** NSS back end (1.9) |
||
| − | ** Performance optimizations (caching, etc.) |
||
| + | * API documentation |
||
| − | ** New API design for [[Projects/Encryption performance|encryption performance]] (1.8) |
||
* Support readily building subsets |
* Support readily building subsets |
||
** "Lite" client |
** "Lite" client |
||
** "Lite" server |
** "Lite" server |
||
| − | ** |
+ | ** GSS-API: separate context establishment from message protection functions, e.g. Solaris user/kernel space split |
| − | * |
+ | * KDC Database modularity (long-term) |
| − | ** |
+ | ** SQLite back end |
| − | ** Possible refinements later (1.8) |
||
| − | * KDC Database (long-term) |
||
** Does the existing DAL make sense? |
** Does the existing DAL make sense? |
||
** Make data model less "blobby" |
** Make data model less "blobby" |
||
** Track IETF data model work |
** Track IETF data model work |
||
| − | ** New API around 1.8 |
||
| + | * [[Projects/Plugin support improvements | Plugin support improvements]] |
||
| − | ** New implementation around 1.9 |
||
| + | ** [[Projects/Alternative PRNG | PRNG]] |
||
| + | ** GSS-API mechanism glue |
||
| + | ** DNS / host-to-realm mapping |
||
| + | ** Profile / configuration |
||
* Secure co-processor ("would be nice") |
* Secure co-processor ("would be nice") |
||
=== End-user experience === |
=== End-user experience === |
||
| − | * Enhanced error messages for GSS-API (done) |
||
| + | * Localization |
||
| − | * Referrals (1.7) |
||
| − | ** DNS independence via referrals |
||
| − | * Localization of static error strings (1.7+) |
||
* Credential management |
* Credential management |
||
** KIM API (done) |
** KIM API (done) |
||
** Cross-platform CCAPI |
** Cross-platform CCAPI |
||
*** Done for Mac & Windows |
*** Done for Mac & Windows |
||
| − | *** UNIX implementation |
+ | *** UNIX implementation |
=== Administrator Experience === |
=== Administrator Experience === |
||
| − | * Incremental propagation (1.7) |
||
| + | * Add interface to purge old keys (1.8 patch?) |
||
| − | ** Integrated; needs cleanup |
||
| + | * Add interface to delete keys of specific enctypes (1.8 patch?) |
||
| + | * Disable enctypes at compile time (1.8 patch?) |
||
| + | * [[Projects/Trace logging|Trace logging]] for easier troubleshooting (1.9) |
||
| + | * Plugins for password quality checks (1.9) |
||
| + | * Print enctypes using the "input form" string |
||
| + | * Improve IPv6 support |
||
* Improve key rollover |
* Improve key rollover |
||
| − | ** Master key (1.7) |
||
| + | ** Application service keys |
||
| − | ** Application service keys (1.8) |
||
* Decrease DNS-related fragility |
* Decrease DNS-related fragility |
||
| − | ** Investigate LHA/Apple proposal to store config information in ccache to signal when a realm supports referrals and thus the option to eschew reverse DNS resolution |
||
| + | * Plugins for login failure lockout |
||
| − | * Audit support (log all ticket requests) (1.7+) |
||
| + | * Plugins for audit support |
||
| − | * Disable DES by default (1.8) |
||
| + | * Plugins for password synchronization |
||
| − | ** Investigate doing this for 1.8 and removing single-DES completely by 1.9 |
||
| + | * Plugins for ticket issuance access control |
||
| − | ** Add more versatile facilities for [[Projects/Enctype_config_enhancements|configuring cryptosystems}} |
||
| + | * Friendlier smart card support |
||
| − | * [[Projects/Lockout|Lockout]] for repeated login failures (1.8) |
||
| − | * [[Projects/Trace logging|Trace logging]] for easier troubleshooting (1.8) |
||
=== Performance === |
=== Performance === |
||
| − | * Decrease DNS traffic |
+ | * Decrease DNS traffic |
| − | + | * Client resolution of KDC (etc.) addresses can be very slow. Decouple address resolution from initiation of KDC communications. (requires some redesign of internal interfaces) |
|
* Replay cache ("rcache") |
* Replay cache ("rcache") |
||
| − | ** Disable on KDC |
+ | ** Disable on KDC |
*** Avoids known false-positive issues |
*** Avoids known false-positive issues |
||
| − | ** Collision avoidance (1.7) |
||
| + | ** Improve implementation |
||
| − | ** Improve implementation (1.7+) |
||
| + | ** Support disabling by service type name |
||
| − | ** Support disabling by service type name (1.7+) |
||
| − | * New crypto API (1.8) facilitates optimizations |
||
* Enhancements to improve concurrency |
* Enhancements to improve concurrency |
||
** Explicit state |
** Explicit state |
||
** Reduce mutex contention |
** Reduce mutex contention |
||
** Support asynchronous APIs and frameworks such as Apple's Grand Central Dispatch; begin refactoring code to make this easier |
** Support asynchronous APIs and frameworks such as Apple's Grand Central Dispatch; begin refactoring code to make this easier |
||
| + | |||
| + | === Protocol evolution === |
||
| + | |||
| + | * IAKERB (1.9) |
||
| + | * Camellia (1.9) |
||
| + | * International strings in protocol (need IETF feedback) |
||
| + | ** Principal names |
||
| + | ** Error strings, etc. (need language tag negotiation) |
||
| + | * Timestamp-independence |
||
| + | * Replay-proofing protocols |
||
| + | * Encryption algorithm updates (SHA-2, SHA-3, CCM, GCM) |
||
| + | * PKU2U |
||
| + | * One time password support |
||
| + | |||
| + | == Completed roadmap items == |
||
| + | |||
| + | === Code quality === |
||
| + | |||
| + | * [[Projects/Remove krb4|Remove krb4]] (1.7) |
||
| + | * Move applications to separate distribution (1.8) |
||
| + | * Use safer library functions |
||
| + | ** Avoids false positives |
||
| + | ** Avoids need to (probably manually) evaluate "unsafe" calls |
||
| + | ** Stop using strcpy, strcat, sprintf, etc. |
||
| + | *** Mostly done |
||
| + | *** New internal APIs for complex operations |
||
| + | * Reduce commitment to "difficult" platforms |
||
| + | ** See [[supported platforms]] |
||
| + | ** Focuses resources more effectively |
||
| + | |||
| + | === Developer experience === |
||
| + | |||
| + | * GSS-API mechglue changes to enable NTLM support (1.7) |
||
| + | * Crypto modularity (1.8) |
||
| + | ** Native (accelerated) crypto API support |
||
| + | ** Performance optimizations (caching, etc.) |
||
| + | ** New API design for [[Projects/Encryption performance|encryption performance]] (1.8) |
||
| + | * "The Great Reindent" (1.8) |
||
| + | |||
| + | === End-user experience === |
||
| + | |||
| + | * Referrals (1.7) |
||
| + | |||
| + | === Administrator experience === |
||
| + | |||
| + | * Incremental propagation (1.7) |
||
| + | * Master key rollover (1.7) |
||
| + | * Auditing support (log all ticket requests) (1.7) |
||
| + | * Disable DES by default (1.8) |
||
| + | ** Add more versatile facilities for [[Projects/Enctype_config_enhancements|configuring cryptosystems]] (1.8) |
||
| + | * [[Projects/Lockout|Lockout]] for repeated login failures (1.8) |
||
| + | ** Implement LHA/Apple proposal to store config information in ccache to signal when a realm supports referrals and thus the future capability to eschew reverse DNS resolution (1.8) |
||
| + | |||
| + | === Performance === |
||
| + | |||
| + | * New crypto API (1.8) facilitates optimizations |
||
| + | * Replay cache ("rcache") |
||
| + | ** Collision avoidance (1.7) |
||
=== Protocol evolution === |
=== Protocol evolution === |
||
| Line 109: | Line 166: | ||
* Anonymous PKINIT (1.8) |
* Anonymous PKINIT (1.8) |
||
* FAST (done in 1.7 for a subset; IETF) |
* FAST (done in 1.7 for a subset; IETF) |
||
| − | * International strings in protocol (1.8+; IETF) |
||
| + | * FAST negotiation (1.8) |
||
| − | * Timestamp-independence |
||
| − | * Replay-proofing protocols |
||
| − | * Encryption algorithm updates (SHA-2, SHA-3, CCM, GCM) |
||
| − | * S4U2Self/S4U2Proxy |
||
Revision as of 15:12, 9 August 2010
This is the outline of the development roadmap for MIT Kerberos. A more comprehensive list of projects is also available; some individual projects have links below.
Timeline
Target 6 to 12 month cycle. (9 months plus/minus 3)
Releases will have a 2-year maintenance lifetime, subject to changes based on sponsor or community input.
- krb5-1.8
- Branch Jan. 2009
- Release early Mar. 2010
- krb5-1.9
- Branch Oct. 2010
- Release Dec. 2010
- krb5-1.10
- Branch Jul. 2011
- Release Sep. 2011
Guiding principles
- Code quality
- Developer experience (including modularity)
- End-user experience
- Administrator experience
- Performance
- Protocol evolution
Current roadmap items
Code quality
- Move toward test-driven development
- Python-based test framework (1.9)
- Increase conformance to coding style
- Selective refactoring
- KDC (1.9)
- Continue formatting cleanup
- Selective refactoring
Developer experience
- Crypto modularity -- make sure PKCS#11 etc. work well
- NSS back end (1.9)
- API documentation
- Support readily building subsets
- "Lite" client
- "Lite" server
- GSS-API: separate context establishment from message protection functions, e.g. Solaris user/kernel space split
- KDC Database modularity (long-term)
- SQLite back end
- Does the existing DAL make sense?
- Make data model less "blobby"
- Track IETF data model work
- Plugin support improvements
- PRNG
- GSS-API mechanism glue
- DNS / host-to-realm mapping
- Profile / configuration
- Secure co-processor ("would be nice")
End-user experience
- Localization
- Credential management
- KIM API (done)
- Cross-platform CCAPI
- Done for Mac & Windows
- UNIX implementation
Administrator Experience
- Add interface to purge old keys (1.8 patch?)
- Add interface to delete keys of specific enctypes (1.8 patch?)
- Disable enctypes at compile time (1.8 patch?)
- Trace logging for easier troubleshooting (1.9)
- Plugins for password quality checks (1.9)
- Print enctypes using the "input form" string
- Improve IPv6 support
- Improve key rollover
- Application service keys
- Decrease DNS-related fragility
- Plugins for login failure lockout
- Plugins for audit support
- Plugins for password synchronization
- Plugins for ticket issuance access control
- Friendlier smart card support
Performance
- Decrease DNS traffic
- Client resolution of KDC (etc.) addresses can be very slow. Decouple address resolution from initiation of KDC communications. (requires some redesign of internal interfaces)
- Replay cache ("rcache")
- Disable on KDC
- Avoids known false-positive issues
- Improve implementation
- Support disabling by service type name
- Disable on KDC
- Enhancements to improve concurrency
- Explicit state
- Reduce mutex contention
- Support asynchronous APIs and frameworks such as Apple's Grand Central Dispatch; begin refactoring code to make this easier
Protocol evolution
- IAKERB (1.9)
- Camellia (1.9)
- International strings in protocol (need IETF feedback)
- Principal names
- Error strings, etc. (need language tag negotiation)
- Timestamp-independence
- Replay-proofing protocols
- Encryption algorithm updates (SHA-2, SHA-3, CCM, GCM)
- PKU2U
- One time password support
Completed roadmap items
Code quality
- Remove krb4 (1.7)
- Move applications to separate distribution (1.8)
- Use safer library functions
- Avoids false positives
- Avoids need to (probably manually) evaluate "unsafe" calls
- Stop using strcpy, strcat, sprintf, etc.
- Mostly done
- New internal APIs for complex operations
- Reduce commitment to "difficult" platforms
- See supported platforms
- Focuses resources more effectively
Developer experience
- GSS-API mechglue changes to enable NTLM support (1.7)
- Crypto modularity (1.8)
- Native (accelerated) crypto API support
- Performance optimizations (caching, etc.)
- New API design for encryption performance (1.8)
- "The Great Reindent" (1.8)
End-user experience
- Referrals (1.7)
Administrator experience
- Incremental propagation (1.7)
- Master key rollover (1.7)
- Auditing support (log all ticket requests) (1.7)
- Disable DES by default (1.8)
- Add more versatile facilities for configuring cryptosystems (1.8)
- Lockout for repeated login failures (1.8)
- Implement LHA/Apple proposal to store config information in ccache to signal when a realm supports referrals and thus the future capability to eschew reverse DNS resolution (1.8)
Performance
- New crypto API (1.8) facilitates optimizations
- Replay cache ("rcache")
- Collision avoidance (1.7)
Protocol evolution
- Encryption algorithm negotiation (1.7)
- Microsoft Kerberos extensions (1.7)
- Improved PKINIT support (1.7)
- Anonymous PKINIT (1.8)
- FAST (done in 1.7 for a subset; IETF)
- FAST negotiation (1.8)
