On 12 mar 2010, at 03.58, Damon Atkins wrote:
...
> Unfortunately DNS spoofing exists, which means forward lookups can be poisoned.

And IP address spoofing, and...

> The best (maybe only) way to make NFS secure is NFSv4 and Kerb5 used together.

Amen!

DNS is NOT an authentication system!
IP is NOT an authentication system!

I don't think the (rw|root|...)=(hostname|address) kind of functionality
has any place in a system from after the 80's, when the world got
connected and security became an issue for the masses. It should be an
extra feature marked with a big "insecure" that you should have to
enable through a very cumbersome process.

Instead, use Kerberos, or if that is not possible, at least use IPSEC to
make IP address spoofing harder.

/ragge

_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss