From: V.Rajendran (rajen@calculus.distinct.com)
Date: 03/06/97-08:32:33 AM Z
From: "V.Rajendran" <rajen@calculus.distinct.com>
Message-Id: <199703061432.OAA15611@calculus.distinct.com>
Subject: NFS and Security.
Date: Thu, 6 Mar 1997 06:32:33 -0800 (PST)
Telephone (work) : +1-408-366-8933
FAX (work): +1-408-366-0153
Reply-To : rajen@distinct.com
Return-Receipt-To : rajen@distinct.com
Address :
---------------------------------------------------------------
Office : Distinct Corporation
12900 Saratoga Ave. , Saratoga , CA95970. USA.
---------------------------------------------------------------
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 1479

>
>> From brent@jurassic Tue Mar 4 23:49:39 1997
>[...]
>> threats, the IETF expect more rigorous analysis of the susceptibilities
>> of a protocol than in the past, e.g. an authenticated client could
>> re-export NFS filesystems to unauthenticated clients.
>
>When we do this analysis, we should point out:
>
>An authenticated client could automatically post selected files to
>an http site too.
>

I presume the discussion will be analysing the security deficiencies
in the NFS protocol and NOT between the NFS client and server.
If I use FTP as an example, sending the password in clear text is a
security loophole in the FTP protocol, while if an authenticated FTP
client takes a secure file from the server and plasters it on the front
page of the newspaper, it is a security problem with the server and
client and it does NOT diminish the authentication arrangement between
the client and server.

>In any authenticated client/server relationship there is an implication
>of mutual trust: the client and server won't disclose information that
>each party wants kept confidential. A server that sees that trust
>violated has recourse: deny access to the client. A client can take his
>filing business elsewhere.
>

If the NFS server happens to be a Web NFS Server then it is impossible
that there is an implicit trust relation between the client and server.
(Especially in these days of paranoia :-)) The trust, if any, is
explicit and the reason is authentication.

Raj
This archive was generated by hypermail 2.1.2 : 03/04/05-01:45:29 AM Z CST