To: Erik E. Fair <firstname.lastname@example.org>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
Date: 03/24/1997 17:47:04
"Erik E. Fair" (Time Keeper) <email@example.com> writes:
>One phrase: NFS on IP security.
Amen to that.
In those environments where IP address checks are apparently ``way too
slow'', I have a hard time imagining per-packet triple-DES encryption
If you don't do per-host access checks at the NFS RPC level, and do
just authentication not encryption, how does IPsec stop a third party
from sniffing filehandles in mount requests and using them to send
(authenticated!) NFS RPC requests?
(assuming you accept any non-authenticated IP packets, that is.)