[RFC] Security Enhanced NFS (SENFS) Requirements - draft 05
James Morris
jmorris at namei.org
Sat Jun 23 16:45:57 EDT 2007
On Sat, 23 Jun 2007, Casey Schaufler wrote:
> I heartily recommend seperating the overall effort into three parts:
>
> 1. transportation and storage of general extended attributes.
> 2. protection and integrity of the information in #1.
> 3. translation and/or mutual policy enforcement negotiations.
>
> For step 1 I have passed along a worked example.
> For step 2 call to 1-800-GOTCRYPTO.
NFSv4 security is based upon security at the RPC layer, and in practice
will commonly utilize RPCSEC_GSS. It would not be impossible to use
labeled IPSec, but it would not be acceptable as a general solution.
More information about the NFSv4
mailing list