On Sat, Feb 26, 2000 at 10:55:38AM -0500, Robert Watson wrote:
> Greg,
> 
> Sounds great, and a far cry improvement over today's Coda..  IPsec can
> solve many but not all of the Coda security problems.  It cannot address
> the issue of untrusted clients--if you limit connectivity to IPsec pairs,
> then those pairs are completely trusted.  Access to a token is sufficient
> to reveal the server secret, so any user with access can create tokens for
> any other user. It also doesn't protect the client from use of the Mariner
> port, and as we use a portmapper and dynamic port allocation, identifying
> Coda ports is more difficult than it used to be.

The mariner port has already moved to a unix domain socket, which is
slightly more secure than an open tcp port. The portmapper is more
difficult. But it is only used by the updateclnt/updatesrv, which are in
turn only used to syncronize the files in /vice/db and that (+ notifying
the servers of updates) could be done using rdist over ipsec or some
ssh/ssl tunnel.

Jan