From mboxrd@z Thu Jan 1 00:00:00 1970 References: <5595227C.4090504@tfwno.gf> From: "steve@quintile.net" Content-Type: text/plain; charset=us-ascii In-Reply-To: <5595227C.4090504@tfwno.gf> Message-Id: <9F4D8B7E-6AAF-4A9F-BB38-5D1B24EF4FDA@quintile.net> Date: Thu, 2 Jul 2015 13:12:08 +0100 To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (1.0) Subject: Re: [9fans] replace p9sk1 with something better(9front) Topicbox-Message-UUID: 5d12fbd0-ead9-11e9-9d60-3106f5b1d025 I think just replacing des keys with AES is not worth it. there is so little= data that des is quite secure (imho). replacing p9sk1 with pki is much more useful. rus posted to 9fans about want= ing to do this so a terminal could cache tickets to speed auth when the auth= server is remote - I cannot remember the details, sorry. also pki would allow the old 9grid ideas to resurface, if there are enough p= lan9 machines left :-) -Steve ps. inferno already uses pki, it would be best to be compatible unless there= is a very good reason not to be. > On 2 Jul 2015, at 12:37, gracc wrote: >=20 > as per http://wiki.9front.org/bounties >>> replace p9sk1 with something better >=20 > I'm looking to start on this, does anyone have thoughts on improvements? > At the moment I am intending to just replace the DES keys with AES but > is there any call for more structural changes? >=20 > I was thinking that an overhaul using public keys might be appropriate > so that the auth server would still be a trusted key holder but without > secret keys having to leave the user's machine. >=20 > (9front mailing list was down so im sending to 9fans instead, sorry if > that's a bother)