Difference between revisions of "Roadmap"
From K5Wiki
(→Protocol evolution: crypto updates) |
|||
| Line 44: | Line 44: | ||
** Native (accelerated) crypto API support |
** Native (accelerated) crypto API support |
||
** Performance optimizations (caching, etc.) |
** Performance optimizations (caching, etc.) |
||
| − | ** New API design 1.7+ |
||
| + | ** New API design for [[Projects/Encryption performance|encryption performance]] (1.8) |
||
| − | * Support readily building subsets |
+ | * Support readily building subsets |
** "Lite" client |
** "Lite" client |
||
** "Lite" server |
** "Lite" server |
||
| Line 83: | Line 83: | ||
* Audit support (log all ticket requests) (1.7+) |
* Audit support (log all ticket requests) (1.7+) |
||
* Disable DES by default (1.8) |
* Disable DES by default (1.8) |
||
| − | ** Investigate doing this for 1. |
+ | ** Investigate doing this for 1.8 and removing single-DES completely by 1.9 |
| − | ** Add more versatile facilities for configuring cryptosystems |
+ | ** Add more versatile facilities for [[Projects/Enctype_config_enhancements|configuring cryptosystems}} |
| + | * [[Projects/Lockout|Lockout]] for repeated login failures (1.8) |
||
| + | * [[Projects/Trace logging|Trace logging]] for easier troubleshooting (1.8) |
||
=== Performance === |
=== Performance === |
||
| Line 93: | Line 93: | ||
** Disable on KDC (1.7) |
** Disable on KDC (1.7) |
||
*** Avoids known false-positive issues |
*** Avoids known false-positive issues |
||
| − | ** Collision avoidance (1.7 |
+ | ** Collision avoidance (1.7) |
** Improve implementation (1.7+) |
** Improve implementation (1.7+) |
||
** Support disabling by service type name (1.7+) |
** Support disabling by service type name (1.7+) |
||
* New crypto API (1.8) facilitates optimizations |
* New crypto API (1.8) facilitates optimizations |
||
| − | * Concurrency |
||
| + | * Enhancements to improve concurrency |
||
| + | ** Explicit state |
||
| + | ** Reduce mutex contention |
||
| + | ** Support asynchronous APIs and frameworks such as Apple's Grand Central Dispatch; begin refactoring code to make this easier |
||
=== Protocol evolution === |
=== Protocol evolution === |
||
| Line 107: | Line 110: | ||
* FAST (done in 1.7 for a subset; IETF) |
* FAST (done in 1.7 for a subset; IETF) |
||
* International strings in protocol (1.8+; IETF) |
* International strings in protocol (1.8+; IETF) |
||
| − | * Timestamp-independence |
+ | * Timestamp-independence |
| − | * Replay-proofing protocols |
+ | * Replay-proofing protocols |
* Encryption algorithm updates (SHA-2, SHA-3, CCM, GCM) |
* Encryption algorithm updates (SHA-2, SHA-3, CCM, GCM) |
||
| + | * S4U2Self/S4U2Proxy |
||
Revision as of 19:42, 14 September 2009
This is the outline of the development roadmap for MIT Kerberos.
Contents
Timeline
Target 6 to 12 month cycle. (9 months plus/minus 3)
- krb5-1.8
- Branch Jan. 2009
- Release early Mar. 2010
- krb5-1.9
- Branch Sep. 2010
- Release Dec. 2010
Guiding principles
- Code quality
- Modularity
- End-user experience
- Administrator experience
- Performance
- Protocol evolution
Code quality
- Remove krb4 (1.7)
- Move toward test-driven development
- Increase conformance to coding style
- "The Great Reindent"?
- Selective refactoring
- Use safer library functions (ongoing)
- Avoids false positives
- Avoids need to (probably manually) evaluate "unsafe" calls
- Stop using strcpy, strcat, sprintf, etc.
- Mostly done
- New internal APIs for complex operations
- Reduce commitment to "difficult" platforms
- See supported platforms
- Focuses resources more effectively
Modularity
- Crypto (1.8)
- Native (accelerated) crypto API support
- Performance optimizations (caching, etc.)
- New API design for encryption performance (1.8)
- Support readily building subsets
- "Lite" client
- "Lite" server
- "GSS-API": separate context establishment from message protection functions, e.g. Solaris user/kernel space split
- GSS-API mechanism glue
- At least rough form to enable NTLM support (1.7)
- Possible refinements later (1.8)
- KDC Database (long-term)
- Does the existing DAL make sense?
- Make data model less "blobby"
- Track IETF data model work
- New API around 1.8
- New implementation around 1.9
- Secure co-processor ("would be nice")
End-user experience
- Enhanced error messages for GSS-API (done)
- Referrals (1.7)
- DNS independence via referrals
- Localization of static error strings (1.7+)
- Credential management
- KIM API (done)
- Cross-platform CCAPI
- Done for Mac & Windows
- UNIX implementation (1.7+)
Administrator Experience
- Incremental propagation (1.7)
- Integrated; needs cleanup
- Improve key rollover
- Master key (1.7)
- Application service keys (1.8)
- Decrease DNS-related fragility
- Investigate LHA/Apple proposal to store config information in ccache to signal when a realm supports referrals and thus the option to eschew reverse DNS resolution
- Audit support (log all ticket requests) (1.7+)
- Disable DES by default (1.8)
- Investigate doing this for 1.8 and removing single-DES completely by 1.9
- Add more versatile facilities for [[Projects/Enctype_config_enhancements|configuring cryptosystems}}
- Lockout for repeated login failures (1.8)
- Trace logging for easier troubleshooting (1.8)
Performance
- Decrease DNS traffic (1.7)
- Stop trying to crawl up to the root
- Replay cache ("rcache")
- Disable on KDC (1.7)
- Avoids known false-positive issues
- Collision avoidance (1.7)
- Improve implementation (1.7+)
- Support disabling by service type name (1.7+)
- Disable on KDC (1.7)
- New crypto API (1.8) facilitates optimizations
- Enhancements to improve concurrency
- Explicit state
- Reduce mutex contention
- Support asynchronous APIs and frameworks such as Apple's Grand Central Dispatch; begin refactoring code to make this easier
Protocol evolution
- Encryption algorithm negotiation (1.7)
- Microsoft Kerberos extensions (1.7)
- Improved PKINIT support (1.7)
- Anonymous PKINIT (1.8)
- FAST (done in 1.7 for a subset; IETF)
- International strings in protocol (1.8+; IETF)
- Timestamp-independence
- Replay-proofing protocols
- Encryption algorithm updates (SHA-2, SHA-3, CCM, GCM)
- S4U2Self/S4U2Proxy
