Anderson Nascimento [off-list ref] wrote:

To make the logic more coherent, what if we check if (rx->key ||
rx->securities) in both options and remove the rx->securities check from
rxrpc_request_key()?

You're allowed to have both a keyring (server) and a key (client).  You can
issue client calls on a server socket.  The in-kernel kafs filesystem does
this, for example - though it normally sets the outgoing key on individual
calls.

To parallel the kernel example, it might be worth my while adding a CMSG tag
to take a key ID or key description so the rxrpc_sendmsg() can do a
request_key() when setting up a call (the AF_RXRPC socket allows a different
key with each call dispatched), though the AFS command line tools tend only to
talk to a single cell at a time (you only need one key for comms with an
entire cell).

Davod