Difference between revisions of "Release Meeting Minutes/2013-02-12"

Latest revision as of 13:17, 13 February 2013

David Benjamin, Thomas Hardjono, Greg Hudson, Ben Kaduk, Simo Sorce, Zhanna Tsitkov, Tom Yu

Greg: Started work on auth_to_local interface. Want to fix some existing behavior. Can't distinguish different realms. Also a problem when using regex-based rules.

Greg: Probably will leave things alone in case someone depends on it, and document behavior.

Tom: git.mit.edu firewalled from off-campus soon.

Some discussion about CAMMAC. What purpose does a KDC MAC serve? Detached verification? Some people (Sam?) are skeptical about detached verification. Do we want something like ad-signedpath? What bits to sign?

Tom: S4U2Proxy -- CAMMAC as it currently exists is probably good enough to allow supporting it in the future. (e.g., could define a new authorization data type that MACs most of the content of the ticket, and put that in the CAMMAC.) So what is the minimum binding component?

Simo: cname, authtime, endtime -- to support detached verification.

Tom: Do you actually need detached verification?

Simo: Can probably use GSS proxy, but would like the option if needed in the future.

Tom: Will get text to you later this week.

Difference between revisions of "Release Meeting Minutes/2013-02-12"

Latest revision as of 13:17, 13 February 2013

Navigation menu

Views

Personal tools

Navigation

Search

Tools