Roadmap

From K5Wiki
Revision as of 21:21, 21 June 2009 by TomYu (talk | contribs)

This is the outline of the development roadmap for MIT Kerberos.

Timeline

Target a 6 to 12 month release cycle (9 months plus or minus 3).

  • krb5-1.8
    • Branch Jan. 2009
    • Release early Mar. 2010
  • krb5-1.9
    • Branch Sep. 2010
    • Release Dec. 2010

Guiding principles

  • Code quality
  • Modularity
  • End-user experience
  • Administrator experience
  • Performance
  • Protocol evolution

Code quality

  • Remove krb4 (1.7)
  • Move toward test-driven development
  • Increase conformance to coding style
    • "The Great Reindent"?
    • Selective refactoring
  • Use safer library functions (ongoing)
    • Avoids false positives
    • Avoids need to (probably manually) evaluate "unsafe" calls
    • Stop using strcpy, strcat, sprintf, etc.
      • Mostly done
      • New internal APIs for complex operations
  • Reduce commitment to "difficult" platforms

Modularity

  • Crypto (1.8)
    • Native (accelerated) crypto API support
    • Performance optimizations (caching, etc.)
    • New API design 1.7+
  • Support readily building subsets (1.8)
    • "Lite" client
    • "Lite" server
    • "GSS-API": separate context establishment from message protection functions, e.g. Solaris user/kernel space split
  • GSS-API mechanism glue
    • At least rough form to enable NTLM support (1.7)
    • Possible refinements later (1.8)
  • KDC Database (long-term)
    • Does the existing DAL make sense?
    • Make data model less "blobby"
    • Track IETF data model work
    • New API around 1.8
    • New implementation around 1.9
  • Secure co-processor ("would be nice")

End-user experience

  • Enhanced error messages for GSS-API (done)
  • Referrals (1.7)
    • DNS independence via referrals
  • Localization of static error strings (1.7+)
  • Credential management
    • KIM API (done)
    • Cross-platform CCAPI
      • Done for Mac & Windows
      • UNIX implementation (1.7+)

Administrator experience

  • Incremental propagation (1.7)
    • Integrated; needs cleanup
  • Improve key rollover
    • Master key (1.7)
    • Application service keys (1.8)
  • Decrease DNS-related fragility
    • Investigate the LHA/Apple proposal to store configuration information in the ccache, signalling when a realm supports referrals and thus allowing reverse DNS resolution to be skipped
  • Audit support (log all ticket requests) (1.7+)
  • Disable DES by default (1.8)
    • Investigate doing this for 1.7 and removing single-DES completely by 1.8
    • Add more versatile facilities for configuring cryptosystems

Performance

  • Decrease DNS traffic (1.7)
    • Stop trying to crawl up to the root
  • Replay cache ("rcache")
    • Disable on KDC (1.7)
      • Avoids known false-positive issues
    • Collision avoidance (1.7+)
    • Improve implementation (1.7+)
    • Support disabling by service type name (1.7+)
  • New crypto API (1.8) facilitates optimizations
  • Concurrency

Protocol evolution

  • Encryption algorithm negotiation (1.7)
  • Microsoft Kerberos extensions (1.7)
  • Improved PKINIT support (1.7)
  • Anonymous PKINIT (1.8)
  • FAST (done in 1.7 for a subset; IETF)
  • International strings in protocol (1.8+; IETF)
  • Timestamp-independence (1.8, 1.9)
  • Replay-proofing protocols (1.8, 1.9)