On Wed, 10 Feb 1999, Peter J Braam wrote:
> by default we encrypt headers only when using authenticated connections.
>
> It is a matter of changing a flag to make this "everything" encrypted.
> Our encryption is currently weak xor, but Robert Watson is working on
> patches for all kinds of encryption.
However, it is important that those reading this understand that the
changing of a flag cannot make your connections authenticated with the
current code; the RPC layer currently handles *only* privacy, not
authenticity. I.e., Anyone can stuff random garbage into a packet and
have it written to files, even with RPC2's current 'authenticated
connections' or 'secure connections'. This is one of the details
mentioned in the patch description I gave a few days ago; even if you do
drop in DES in place of the XOR algorithm, you actually gain nothing.
Until such time as the strong encryption/authentication support is in, I
would recommend against assuming Coda provides on-the-wire security of any
type.
On the other hand, this is no different from your average NFS session in
terms of wire security, but does provide a nicer user-land authorization
model that is both more scalable and flexible than the NFS model. Some
might say that Coda actually *has* an authorization model, as opposed to
NFS :-).
Robert N Watson
[EMAIL PROTECTED] http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
SafePort Network Services http://www.safeport.com/
