[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Secure NFS w/ changing IP
At this (Sun, May 02, 1999 at 04:19:24PM +0300) day, Alex Shnitman wrote:
| Hi.
|
| Is anybody aware of an alternative to NFS that works the way ssh does,
| i.e. does authentication not according to the IP but according to the
| existance of the right key on the other side? Some kind of NFS with
| public-key cryptoraphy? In other words, something that is to NFS what
| ssh is to rsh.
Theres an on going poject of ietf concerning secure IP connection.
Check out http://www.ietf.org/html.charters/ipsec-charter.html for basic ground,
and plany links about Internet-Drafts and rfc's.
Try there is also a mailing (preety nosie - about 20 mails a day - but preety intersting) list at linux-ipsec@clinet.fi.
from linux's Security-HOWTO:
6.3 Linux x-kernel IPSEC Implementation
Along with CIPE, and other forms of data encryption, there is also an implemention of IPSEC for Linux. IPSEC is an effort by the IETF to create cryptographically secure communications at the IP network level, which also provides authentication, integrity, access control, and confidentiality. Information on IPSEC and Internet draft can be found at http://www.ietf.org/html.charters/ipsec-charter.html. You can also find links to other protocols involving key management, and an IPSEC mailing list and archives.
The Linux implementation, which is being developed at the University of Arizona, uses an object-based framework for implementing network protocols called x-kernel, and can be found at http://www.cs.arizona.edu/xkernel/hpcc-blue/linux.html. Most simply, the x-kernel is a method of passing messages at the kernel level, which makes for an easier implementation.
As with other forms of cryptography, it is not distributed with the kernel by default due to export restrictions.
--
Guy Cohen <guy@spice.org.il>