Release Meeting Minutes/2013-02-12

David Benjamin, Thomas Hardjono, Greg Hudson, Ben Kaduk, Simo Sorce, Zhanna Tsitkov, Tom Yu

Greg

Started work on auth_to_local interface. Want to fix some existing behavior. Can't distinguish different realms. Also a problem when using regex-based rules.

Greg

Probably will leave things alone in case someone depends on it, and document behavior.

Tom

git.mit.edu firewalled from off-campus soon.

Some discussion about CAMMAC. What purpose does a KDC MAC serve? Detached verification? Some people (Sam?) are skeptical about detached verification. Do we want something like ad-signedpath? What bits to sign?

Tom

S4U2Proxy -- CAMMAC as it currently exists is probably good enough to allow supporting it in the future. (e.g., could define a new authorization data type that MACs most of the content of the ticket, and put that in the CAMMAC.) So what is the minimum binding component?

Simo

cname, authtime, endtime -- to support detached verification.

Tom

Do you actually need detached verification?

Simo

Can probably use GSS proxy, but would like the option if needed in the future.

Tom

Will get text to you later this week.