Re: [Vrs-development] Encrypted NFS with OpenSSH and Linux


From: Chris Smith
Subject: Re: [Vrs-development] Encrypted NFS with OpenSSH and Linux
Date: Thu, 14 Feb 2002 18:30:19 +0000

On Thursday 14 February 2002 15:34, Bill wrote:
> --- Chris Smith <address@hidden> wrote:
> > Very interesting idea.  Basically they're deploying
> > an encrypted tunnel
> > through which they're pumping NFS traffic.
> >
> > Using this technique, any traffic could be pumped
> > through.
>
> Or we could just use IPsec VPN.
>
> http://www.samag.com/documents/s=4072/sam0203c/sam0203c.htm
>
> This may help to simply extend the sandbox across the
> net for the Cluster as a whole.

Well...
If we're proposing a tight binary protocol of some sort to gaffa-tape LDS's 
into a VRS cluster, then we might as well do the encryption ourselves.  Easy 
with OpenSSL.

The LDS's could hand out their Public keys on request - or it could be the 
responsibility of the Node Discovery Server (or whatever).

Private keys are kept private.  This is okay actually, because the owner of 
an LDS has a vested interest in keeping their private key secure - and so is 
not open to attack by the owner of that LDS!

Oh.  Bugger....

I thought I had a great idea just for a moment.  Now here's a thing:
If resources are stored ENCRYPTED across the cluster, then every LDS must 
know both the public key that encrypts the data and the private key that 
decrypts it.  So where is the security in that?

The keys may be stored within our virtual filesystem, but they're still 
there.  And as this project is open source, well, someone could very easily 
hack the code, build an LDS, join a VRS and suck all the data out of it.

I've missed some fundamental property that makes it all secure, haven't I?
Hope so.

Chris
-- 
Chris Smith
  Technical Architect - netFluid Technology Limited.
  "Internet Technologies, Distributed Systems and Tuxedo Consultancy"
  E: address@hidden  W: http://www.nfluid.co.uk


