On Fri, Mar 09, 2012 at 04:31:57PM -0500, Daniel Kahn Gillmor wrote: > On 03/09/2012 02:49 PM, Simo Sorce wrote: > >This authentication method is obsolete and it is time it dies for good. > > Can i ask what it has been obsoleted by? I think pku2u? Someone who's following that effort will have to comment on how far along it is. > Neither https://tools.ietf.org/html/rfc2025 [SPKM] nor > https://tools.ietf.org/html/rfc2847 [LIPKEY] seem to suggest an > inheritor, and kerberos5 does not provide direct public-key-based > authentication (it's still reliant on an active and trusted > third-party). > > So it seems like SPKM and LIPKEY offer a cryptographic model that is > otherwise unavailable for authentication between NFS endpoints. Understood that people would like such a thing, but alas spkm3 and lipkey never quite managed to provide it. --b. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
