netatalk
Create a new UAM with strong cryptography
The most recent UAM (User Authentication Method) in AFP is DHX2, which was introduced in 2002 with Mac OS X 10.2. It uses the CAST-128 cipher in CBC mode with Diffie–Hellman key exchange. By any measure, it cannot be considered secure in this day and age.
Now that the AFP client in macOS has finally been flagged as deprecated with macOS 15.5, this opens the door for this project to propose new UAMs that use modern cryptography. This is of course a theoretical feature unless the client can support the new UAM, but there are open source AFP clients out there which could implement the new UAM.
Step one would be to propose a design for the new UAM and choose a future-proof cryptographic algorithm and delivery method.