Coda File System

Re: Portmapper

From: Perry E. Metzger <perry_at_piermont.com>
Date: Tue, 31 Mar 1998 09:58:37 -0500

thoth_at_purplefrog.com writes:
> >  > 1) Security -- how can we secure the portmapper?  Clearly security is an
> >  > issue -- we need to know that the returned port information is correct.
> >  > However, the portmapper might be mapping the authentication service;
> >  > similarly, the portmapper might be a more general function for many
> >  > possible daemons, in which case how does it authenticate?
> 
>   NTP uses shared secrets.  SSL uses certificate authorities.  Maintaining a
> single CA certificate to verify server certificates is a little easier than
> copying all the keys around.

You guys might be interested in trying out some of the SPKI stuff. (I
mention this partially because I'm co-chair of the IETF working
group.) There is now publicly redistributable code implementing the
whole thing, and in my opinion, the model is much better than that in
X.509 (and much, much, much simpler).

Perry
Received on 1998-03-31 10:02:18