Firewalls: Re: NFS vs. FTP

Firewalls
(October 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: NFS vs. FTP
From:	"Simon J. Gerraty" <sjg @ zen . quick . com . au>
Date:	Tue, 29 Oct 1996 10:11:17 +1100
To:	Adam Shostack <adam @ homeport . org>
Cc:	spayne @ dsdc . dla . mil, firewalls @ greatcircle . com
In-reply-to:	Your message of "Mon, 28 Oct 96 07:10:08 CDT." <199610281210 . HAA08581 @ homeport . org>

> Simon J. Gerraty wrote:
> 
> | >	3. The reason I say bad for wide are mounts is IP_SPOOFING
> | 
> | Crypto is the best bet for this.  The next release of unfs (actually
> | I'll be changing the name to snfs as unfs is the name of a Linux
> | project) will be able to use SSL as its transport.
> 
> 	Is SSL appropriate for this?  If you go to TCP only, it might
> be ok (what about key changes?), but I would see using the IPSec
> algorithims as a better move possibly involving a lot less public key
> activity.

Yes SSL is appropriate - I was talking TCP only anyway.
Also you will be able to run it on any platform imediately.
I haven't been following IPv6 closely for some time, but I'd guess
that it (and esp. IPsec) are years away from general availability.

--sjg

References:

Re: NFS vs. FTP
From: Adam Shostack <adam @ homeport . org>

Indexed By Date	Previous:	NCSA membership From: mitch @ qualcomm . com (Mark Mitchiner)
Indexed By Date	Next:	Re: Firewalls vs Blocking Sites From: Ron DuFresne <dufresne @ parka . winternet . com>
Indexed By Thread	Previous:	Re: NFS vs. FTP From: Adam Shostack <adam @ homeport . org>
Indexed By Thread	Next:	Re: NFS vs. FTP From: Bruce Keller <gocbs @ midwest . net>