[Lustre-devel] Security issues
Eric Mei
Eric.Mei at Sun.COM
Mon Aug 11 12:51:48 PDT 2008
Peter Braam wrote:
>>> You do need to sign it and encrypt it - for multiple purposes, to secure the
>>> wire transaction and for storage on the server.
>> Sorry I'm still a little confused. To be exactly clear, do you mean: In
>> the future we'll use NASD-style protocol to secure the bulk data's wire
>> transfer & storage on server; and for now we can simply leave the bulk
>> data unprotected?
>
> No you need to be able to encrypt it.
>
> I'm just stating that if you the current solution (which gives privacy using
> GSS between client and OSS iirc) is going to be changed, then please change
> it in the correct way to accommodate re-using checksums and re-using the
> encrypted data for storage. Doing either of these things twice is
> pointless.
>
> Probably there should be options not to do so as part of the configuration.
Peter, Thanks for clarifying this! Yes that's what we're thinking.
--
Eric
More information about the lustre-devel
mailing list