Connectathon is almost over!

The ultimate in NFS conferences, Connectathon is now in its final days for 05.

check out the talks:
http://www.connectathon.org/talks05/index.html

The last one had a interesting security note:
pNFS Update and Security Discussion - Brent Welch, Panasas

In reference to pNFS (later blog), the block solution for "security" from the client to the data servers is authenticated via a "capability". The only problem being that this completely susceptible to snoop/man in the middle attacks. So we really relying on physical access to the network.

And i believe i was just complaining to fellow group memebers last week how silly it was that we still support DH - oh well.

man i hate blocks.

Note: Brent is a super sharp guy and didn't come up with the security solution, he was just explaining it.
Note2: Brent mentioned you could use IPsec to protect the "capability", but why not just use a files solution and krb5?

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

erickustarz

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today