On 20.03.20 02:44, Russell L. Carter wrote:
Here I commit heresy, by A) top posting, and B) by just saying, why not make it easy, first, to tunnel NFSv4 sessions through e.g. net/wireguard or sysutils/spiped? NFS is point to point. Security infrastructure that actually works understands the shared secret model.
Why not use IPsec in transport mode instead of a tunnel? It avoids unnecessary overhead and is already implemented in the kernel. It should be enough to "just" require IPsec for TCP port 2049 and run a suitable key exchange daemon.
_______________________________________________ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
