logo_kerberos.gif

Roadmap

From K5Wiki
Revision as of 14:47, 14 February 2012 by TomYu (Talk | contribs)

Jump to: navigation, search

This is the outline of the development roadmap for MIT Kerberos. A more comprehensive list of projects is also available; some individual projects have links below.

Contents

Timeline

Target 6 to 12 month cycle. (9 months plus/minus 3)

Releases will have a 2-year maintenance lifetime, subject to changes based on sponsor or community input.

krb5-1.8
Branch Jan. 2009
Release early Mar. 2010
krb5-1.9
Branch Oct. 2010
Release Dec. 2010
krb5-1.10
Branch Oct. 2011
Release Dec. 2011
krb5-1.11
Branch Oct. 2012
Release Dec. 2012

Guiding principles

  • Code quality
  • Developer experience (including modularity)
  • End-user experience
  • Administrator experience
  • Performance
  • Protocol evolution

Current roadmap items

Code quality

  • Move toward test-driven development
  • Increase conformance to coding style
    • Selective refactoring
      • KDC (1.9)
    • Continue formatting cleanup
  • Use cyclomatic complexity metrics to identify cleanup targets

Developer experience

  • Crypto modularity -- make sure PKCS#11 etc. work well
    • NSS back end (1.9)
  • API documentation
  • Support readily building subsets
    • "Lite" client
    • "Lite" server
    • GSS-API: separate context establishment from message protection functions, e.g. Solaris user/kernel space split
  • KDC Database modularity (long-term)
    • SQLite back end
    • Does the existing DAL make sense?
    • Make data model less "blobby"
    • Track IETF data model work
  • Plugin support improvements
    • PRNG
    • GSS-API mechanism glue
    • DNS / host-to-realm mapping
    • Profile / configuration
  • Secure co-processor ("would be nice")
  • GSS proxy
  • interposition capability for GSS mechs (useful for GSS proxy)

End-user experience

  • Localization
  • Credential management
    • KIM API (done)
    • Cross-platform CCAPI
      • Done for Mac & Windows
      • UNIX implementation

Administrator Experience

  • Add interface to purge old keys (1.8 patch?)
  • Add interface to delete keys of specific enctypes (1.8 patch?)
  • Disable enctypes at compile time (1.8 patch?)
  • Print enctypes using the "input form" string
  • Improve IPv6 support
  • Improve key rollover
    • Application service keys
  • Decrease DNS-related fragility
  • Plugins for login failure lockout
  • Plugins for audit support
  • Plugins for password synchronization
  • Plugins for ticket issuance access control
  • Friendlier smart card support
  • FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens)
  • Multiple logging levels for trace logging

Performance

  • Decrease DNS traffic
  • Client resolution of KDC (etc.) addresses can be very slow. Decouple address resolution from initiation of KDC communications. (requires some redesign of internal interfaces)
  • Replay cache ("rcache")
    • Disable on KDC
      • Avoids known false-positive issues
    • Improve implementation
    • Support disabling by service type name
  • Enhancements to improve concurrency
    • Explicit state
    • Reduce mutex contention
    • Support asynchronous APIs and frameworks such as Apple's Grand Central Dispatch; begin refactoring code to make this easier

Protocol evolution

  • International strings in protocol (need IETF feedback)
    • Principal names
    • Error strings, etc. (need language tag negotiation)
  • Timestamp-independence
  • Replay-proofing protocols
  • Encryption algorithm updates (SHA-2, SHA-3, CCM, GCM)
  • PKU2U
  • One time password support
  • Multiply-authenticated authorization data container
  • POSIX IDs in authorization data
  • Level of Assurance in authorization data
  • Site-defined string-keyed claims in authorization data
  • X.509 attributes in authorization data
  • FAST preauth sets (e.g. OTP + long-term password)

Completed roadmap items

Code quality

  • Remove krb4 (1.7)
  • Move applications to separate distribution (1.8)
  • Use safer library functions
    • Avoids false positives
    • Avoids need to (probably manually) evaluate "unsafe" calls
    • Stop using strcpy, strcat, sprintf, etc.
      • Mostly done
      • New internal APIs for complex operations
  • Reduce commitment to "difficult" platforms
  • Move toward test-driven development
    • Python-based test framework (1.9)

Developer experience

  • GSS-API mechglue changes to enable NTLM support (1.7)
  • Crypto modularity (1.8)
    • Native (accelerated) crypto API support
    • Performance optimizations (caching, etc.)
    • New API design for encryption performance (1.8)
  • "The Great Reindent" (1.8)

End-user experience

  • Referrals (1.7)

Administrator experience

  • Incremental propagation (1.7)
  • Master key rollover (1.7)
  • Auditing support (log all ticket requests) (1.7)
  • Disable DES by default (1.8)
  • Lockout for repeated login failures (1.8)
    • Implement LHA/Apple proposal to store config information in ccache to signal when a realm supports referrals and thus the future capability to eschew reverse DNS resolution (1.8)
  • Trace logging for easier troubleshooting (1.9)
  • Plugins for password quality checks (1.9)

Performance

  • New crypto API (1.8) facilitates optimizations
  • Replay cache ("rcache")
    • Collision avoidance (1.7)

Protocol evolution

  • Encryption algorithm negotiation (1.7)
  • Microsoft Kerberos extensions (1.7)
  • Improved PKINIT support (1.7)
  • Anonymous PKINIT (1.8)
  • FAST (done in 1.7 for a subset; IETF)
  • FAST negotiation (1.8)
  • IAKERB (1.9)
  • Camellia (1.9)
Personal tools