(Illustration by Gaich Muramatsu)
On Wed, 10 Feb 1999, Peter J Braam wrote: > by default we encrypt headers only when using authenticated connections. > > It is a matter of changing a flag to make this "everything" encrypted. > Our encryption is currently weak xor, but Robert Watson is working on > patches for all kinds of encryption. However, it is important that those reading this understand that the changing of a flag cannot make your connections authenticated with the current code; the RPC layer currently handles *only* privacy, not authenticity. I.e., Anyone can stuff random garbage into a packet and have it written to files, even with RPC2's current 'authenticated connections' or 'secure connections'. This is one of the details mentioned in the patch description I gave a few days ago; even if you do drop in DES in place of the XOR algorithm, you actually gain nothing. Until such time as the strong encryption/authentication support is in, I would recommend against assuming Coda provides on-the-wire security of any type. On the other hand, this is no different from your average NFS session in terms of wire security, but does provide a nicer user-land authorization model that is both more scalable and flexible than the NFS model. Some might say that Coda actually *has* an authorization model, as opposed to NFS :-). Robert N Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ SafePort Network Services http://www.safeport.com/Received on 1999-02-10 14:55:03