Gordon Ross wrote: > I'd appreciate comments from this > community on the issues below. 1-8 are background, 9-11 are open > issues.
> 9: What signing policy options should our CIFS client offer? > One question raised was: "Why have this option at all?" That's a > good question. One could do without this option. The thing about not having an option is that the choices all offer conflicting goals. You can choose "required" to meet a secure-by-default goal and lose access to older servers that don't support signing. You can choose "enabled" and lose the ability to definitively thwart MITM attacks. You can choose "disabled" and a client can't ask for signing. Having a switch available seems useful to me. > 10: What should be the default value for the client signing options? I think least-surprise "disabled" makes the most sense to me. I could live with "required", since there are likely not that many servers that can't support signing at all. > 11: Who should be able to adjust the signing options? What I'd probably prefer is that a user can raise the level of security but not lower it. We have this with "minauth", I believe. I think it's reasonable to support this. Rob T _______________________________________________ cifs-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
