On Tue, 2013-04-02 at 14:53 -0400, Jim Rees wrote:
> Simo Sorce wrote:
>
>   > And stop using the term "mitm". A mitm attack is used to
>   > convince both ends of a connection that they are talking to each other. DNS
>   > is not a mutually authenticated exchange.
>
>   Well it is still a sort of Man in the Middle, as you also have to
>   redirect communications (nfsv4 uses TCP) for it to be effective, it is
>   just not exploiting a crypto issue.
>
> Now you've lost me again. I thought we were discussing dns. What does nfs
> have to do with it?

It's complicated, but if you re-read the scenario I wrote and think how
the rpcgss communication happens you should see it.

Simo.

--
Simo Sorce * Red Hat, Inc * New York