Subject: None
To: Erik E. Fair <>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-security
Date: 03/24/1997 17:47:04
"Erik E. Fair" (Time Keeper) <> writes:

>One phrase: NFS on IP security.

Amen to that.

In those environments where IP address checks are apparently ``way too
slow'', I have a hard time imagining per-packet triple-DES encryption
is acceptable.  

If you don't do per-host access checks at the NFS RPC level, and do
just authentication not encryption, how does IPsec stop a third party
from sniffing filehandles in mount requests and using them to send
(authenticated!)  NFS RPC requests?

(assuming you accept any non-authenticated IP packets, that is.)