Re: [k]nfsd, nfs and security questions

Felix Schroeter (felix@mamba.pond.sub.org)
Tue, 2 Dec 1997 13:26:34 +0100 (CET)


Hello!

In article <m0xXaAe-0005FrC@lightning.swansea.linux.org.uk> you write:
>[...]

>Alexey Kutznetsov did a really secure RPC using MD5, I don't know what the
>current state of that is. Given that Elliptic curve appears patent free
>and Diffie-Hellman has expired there is good scope for military spec
>secure RPC now.

Elliptic Curve is not entirely patent free. For EC(2^n) there are
patents about using normal bases for fast computations in those
groups.

Public key cryptography on the RPC layer is, by the way, IMHO not
the way to go for securing NFS, because it's too slow. IMHO either
IPSec (with encryption and IP authentication -- usable if you trust
the *real* host with a given IP address) or some symmetrical systems
with initial key handshake using public key cryptography are the way
to go.

Regards, Felix.
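
The design suggested in the last paragraph (one public-key handshake, then symmetric cryptography for every call), sketched as an added example that is not part of the original message. Assumptions: the group `P`/`G` is a demonstration-only parameter and not a standardized Diffie-Hellman group, the exchanged public values are taken to be authenticated out of band, only the client-to-server direction is shown, and the `Channel` class and the sample call string are hypothetical.

```python
import hashlib, hmac, secrets, struct

# Demonstration-only group (assumption): 2**521 - 1 is prime, but this is not
# a standardized DH group. A real deployment uses a vetted group or curve.
P = 2**521 - 1
G = 3

def dh_keypair():
    """The expensive public-key step: done once per session, not per call."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive the shared symmetric key from the peer's public value."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("bad public value")
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()

class Channel:
    """Per-call integrity: an HMAC over a sequence number plus the payload."""
    def __init__(self, key):
        self.key, self.send_seq, self.recv_seq = key, 0, 0

    def seal(self, payload):
        hdr = struct.pack(">Q", self.send_seq)
        self.send_seq += 1
        tag = hmac.new(self.key, hdr + payload, hashlib.sha256).digest()
        return hdr + payload + tag

    def open(self, msg):
        if len(msg) < 40:
            raise ValueError("short message")
        hdr, payload, tag = msg[:8], msg[8:-32], msg[-32:]
        want = hmac.new(self.key, hdr + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            raise ValueError("bad MAC")
        if struct.unpack(">Q", hdr)[0] != self.recv_seq:
            raise ValueError("replayed or out-of-order call")
        self.recv_seq += 1
        return payload

def demo():
    """Handshake once, then seal one constructed sample call."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    client = Channel(session_key(c_priv, s_pub))
    server = Channel(session_key(s_priv, c_pub))
    return client, server, client.seal(b"READ fh=0x2a offset=0 count=4096")
```

After the handshake each call costs one HMAC computation on each side; the modular exponentiation is not repeated.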