From mboxrd@z Thu Jan 1 00:00:00 1970 To: 9fans@cse.psu.edu Subject: Re: [9fans] one reason ideas from Plan 9 didn't catch on In-Reply-To: Message from presotto@closedmind.org of "Tue, 13 Nov 2001 14:58:16 EST." <20011113195826.27824199BB@mail.cse.psu.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Message-ID: <24323.1005692093@apnic.net> From: George Michaelson Date: Wed, 14 Nov 2001 08:54:53 +1000 Topicbox-Message-UUID: 219c6da2-eaca-11e9-9e20-41e7f4b1d025 > Setting up plan 9 authentication is like giving birth through your eye ball. This wins my grossest analogy of the year award. EUGHHHHH! > That's all my fault. Rsc, ehg, and I have been working on a new security > architecture that makes ssh, ssl, private passwords, etc. easier to keep > track of and use, sort of sshagent++, in addition to fixing the plan9 > authentication. This both intrigues and worries me. I use ssh-agent a lot, but I have huge lingering worries that the chain of open FD back through process history and the IPC mechanisms is a gaping yaw of risk. Wouldn't a kerberos tkt like mechanism pose less risks? Isn't the pain of occaisional re-authentication purposeful? I exclude systems like the SUNray where a physical token can be removed and moved to carry the auth info. Having said which, if Plan9 has a clean abstraction for this (and the little I understand about the mechanisms suggest this strongly) then its a wonderful idea. Doesn't it also pose risks for loss of that parent ssh-agent-like thing? cheers -george -- George Michaelson | APNIC Email: ggm@apnic.net | PO Box 2131 Milton QLD 4064 Phone: +61 7 3367 0490 | Australia Fax: +61 7 3367 0482 | http://www.apnic.net