Great Circle Associates Firewalls
(June 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: secure replication of data in insecure networks
From: "Craig I. Hagan" <hagan @ cih . com>
Date: Thu, 26 Jun 1997 12:08:20 -0400 (EDT)
To: Adam Shostack <adam @ homeport . org>
Cc: "Simon J. Gerraty" <sjg @ quick . com . au>, vax @ linkdead . paranoia . com, firewalls @ GreatCircle . COM
In-reply-to: <199706261351 . JAA07914 @ homeport . org>
Reply-to: hagan @ cih . com 
> 	Given the history of NFS security failures, and its explicit
> design as insecure, perhaps it would make more sense to build a secure
> file system on top of NFS, by using filesystem level crypto, and
> choosing to leave the transport insecure.
> 

you present an interesting idea. Hows this for a rough implementation
idea: CIFS works through a loopback nfs mount, this would imply that it
*could* work over a network NFS mount, yeilding a secure network backing
store with all data transferred being encrypted and just the local client
presentation being in the clear.  hmmm... 

-- craig


-------------------------------------------------------------------------------
Craig I. Hagan     "It's a small world, but I wouldn't want to back it up"
hagan @
 cih .
 com	        "True hackers don't die, their ttl expires"
  	"It takes a village to raise an idiot, but an idiot can raze a village"

	Stop the spread of spam, use a sendmail condom!
	     http://www.cih.com/~hagan/smtpd-hacks
Follow-Ups:
References:
Indexed By Date Previous: Exchange Help ...
From: Mark Berman <markb @ icon . co . za>
Next: RE: Redeploying Checkpoint-1 firewalls question (Restated)
From: Mimi Herrmann <lothie @ tis . com>
Indexed By Thread Previous: Re: secure replication of data in insecure networks
From: "Simon J. Gerraty" <sjg @ quick . com . au>
Next: Re: secure replication of data in insecure networks
From: "Simon J. Gerraty" <sjg @ quick . com . au>
Google
 
Search Internet Search www.greatcircle.com