On Mon, Jul 01, 2013 at 03:47:38PM +0800, drankye wrote: > > > Hi all, > > About 2 years ago, it was asked “when will we be able to use > LIPKEY on NFS4 on Linux?”. Ref. http://permalink.gmane.org/gmane.linux.nfs/35560. > There Trond replied as below: > “ > We're likely to drop the requirement that SPKM3/LIPKEY be a > mandatory > security mechanism for NFSv4 in the revised RFC3530 (a.k.a. > RFC3530bis) > that is being drafted. > > The reason is that the SPKM3 mechanism (on which LIPKEY > relies) appears > to contain inherent security flaws that are difficult to > fix. The IETF > security group have therefore pretty much killed it as an > option. > Other alternatives to SPKM3 are being discussed, but I'm not > aware of > anything that replaces LIPKEY. > “ > I’m wondering today what’s the status of SPKM3/LIPKEY > support for NFS4 on Linux. Does anyone know that? Is SPKM3/LIPKEY dropped from > NFS4 or available now with the inherent security flaws being fixed? It's gone. (The kernel code was removed by 1e7af1b8062598a038c04dfaaabd038a0d6e8b6a "J. Bruce Fields <bfields@xxxxxxxxxx>".) And my understanding is that the flaws were inherent to the specification and not fixable in implementation. --b. > > Thank you very much for your update. > > Regards, > Kai > > -- > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
