Kernel subset design issues
nico at cryptonector.com
Tue Apr 26 04:39:05 EDT 2011

On Tue, Apr 26, 2011 at 3:19 AM, Sam Hartman <hartmans at mit.edu> wrote:
> Nico> I never understood why we need to distinguish between
> Nico> "exported sec context" and "exported lucid sec context",
> Nico> except as a way to avoid cleaning up the existing sec context
> Nico> export/import functions... Here's your chance to make that
> Nico> distinction go away.
>
> At the time we didn't want to standardize our export token format.
> In the lucid structure, the userspace code is responsible for making the
> exported context right for what the kernel supports.
> If we standardize something we'd need to standardize something
> extensible and the kernel would need to skip parts of it.
> Here, note that by standardize I mean write down, not something within
> the IETF.

So you thought that the exported security context token format was
unstable, likely to be unstable, and at that too unstable to
coordinate with the one kernel-mode consumer that existed?

Well, whatever. It is what it is. But now is a good chance to
actually change the exported context token format into something that
More information about the krbdev