From owner-freebsd-security  Fri Jan 12 17:45:28 2001
Delivered-To: freebsd-security@freebsd.org
Received: from citusc.usc.edu (citusc.usc.edu [128.125.38.123])
	by hub.freebsd.org (Postfix) with ESMTP id 1FDDA37B400
	for <freebsd-security@FreeBSD.ORG>; Fri, 12 Jan 2001 17:45:09 -0800 (PST)
Received: (from kris@localhost)
	by citusc.usc.edu (8.9.3/8.9.3) id RAA24739;
	Fri, 12 Jan 2001 17:46:16 -0800
Date: Fri, 12 Jan 2001 17:46:16 -0800
From: Kris Kennaway <kris@FreeBSD.ORG>
To: Roman Shterenzon <roman@xpert.com>
Cc: Artem Koutchine <matrix@ipform.ru>, freebsd-security@FreeBSD.ORG
Subject: Re: Encrypted networked filesystem needed
Message-ID: <20010112174616.D23818@citusc.usc.edu>
References: <00aa01c07cbd$71209dc0$0c00a8c0@ipform.ru> <Pine.LNX.4.30.0101122013350.25136-100000@jamus.xpert.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="EP0wieDxd4TSJjHq"
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <Pine.LNX.4.30.0101122013350.25136-100000@jamus.xpert.com>; from roman@xpert.com on Fri, Jan 12, 2001 at 08:22:58PM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--EP0wieDxd4TSJjHq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Fri, Jan 12, 2001 at 08:22:58PM +0200, Roman Shterenzon wrote:

> If IPSec is supported on both sides, it is the best available solution.
> You'll get a completely transparent encryption and a powerful NFSv3
> server/client. Did I mention that FreeBSD rocks?
> This way all network services will be secured and since the most of IPSec
> (AH/ESP) is done in the kernel mode, it'll be quite fast even on
> moderate hardware.

Unfortunately I think there are some layering bugs with NFS + IPSEC on
FreeBSD - I have had lots of NFS filesystem wedges when testing this.

Kris

--EP0wieDxd4TSJjHq
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6X7NmWry0BWjoQKURAmLxAJoDXx0h9m/bg2utAqVREIpcbyza4ACfX+5E
qJ9rpZ/UZsRSqlodcChm+fU=
=mfmA
-----END PGP SIGNATURE-----

--EP0wieDxd4TSJjHq--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message