> -----Original Message-----
> From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
> Sent: Thursday, June 7, 2018 1:55 AM
> To: Steve French <smfrench@xxxxxxxxx>
> Cc: CIFS <linux-cifs@xxxxxxxxxxxxxxx>; Pavel Shilovskiy
> <pshilov@xxxxxxxxxxxxx>; Tom Talpey <ttalpey@xxxxxxxxxxxxx>; Aurélien
> Aptel <aaptel@xxxxxxxx>
> Subject: Re: [PATCH] smb3: do not allow insecure cifs (vers=1.0) mounts if
> mounting smb3
>
> Reviewed-by: Ronnie Sahlberg <lsahlber@xxxxxxxxxx>
>
> Only suggestion would be to change the word "forbidden" to something else.
> "... downgrade to insecure xyz is not allowed with smb3 ..." or similar?
Agreed, it's a more meaningful statement that way.
But one nit - it could be argued that SMB2.1 is less secure than 3.x, yet the patch allows it. I think the point is that with a 3.x-style negotiation, the client can ensure that it is not being attacked by a MITM attempting to downgrade, and that 2.1 is simply a minimum bar. So I'd suggest not using the rather vague word "insecure". Just say downgrade to <name of offered dialect> isn't allowed, and done.
Tom.
> On Thu, Jun 7, 2018 at 9:02 AM, Steve French <smfrench@xxxxxxxxx> wrote:
> > --
> > Thanks,
> >
> > Steve
��.n��������+%�������w��{.n�����{������ܨ}���Ơz�j:+v�����w����ޙ��&�)ߡ�a����z�ޗ���ݢj��w�f
