1995-07-12 - Re: ANNOUNCEMENT: Ssh (Secure Shell) remote login program

Header Data

From: “Perry E. Metzger” <perry@imsi.com>
To: sdw@lig.net (Stephen D. Williams)
Message Hash: c1b0972ad39c475a8afce0d16c776b3058d15c8607e6cd936845b5408a4b499d
Message ID: <9507122105.AA11297@snark.imsi.com>
Reply To: <m0sW9UK-0009ydC@sdwsys>
UTC Datetime: 1995-07-12 21:06:42 UTC
Raw Date: Wed, 12 Jul 95 14:06:42 PDT

Raw message

From: "Perry E. Metzger" <perry@imsi.com>
Date: Wed, 12 Jul 95 14:06:42 PDT
To: sdw@lig.net (Stephen D. Williams)
Subject: Re: ANNOUNCEMENT: Ssh (Secure Shell) remote login program
In-Reply-To: <m0sW9UK-0009ydC@sdwsys>
Message-ID: <9507122105.AA11297@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain



Stephen D. Williams writes:
> It occurred to me that it wouldn't be too tough to have one CFSD
> open a TCP/socket connection to another CFSD and pass file access
> requests instead of implementing them locally.  The encryption
> of the ssh link and the on disk encryption of CFSD should be a 
> good combination.

The whole point of CFS was that you could mount remote devices that
were encrypted and decrypt them locally. CFS acts like a scrim over
existing file systems. If the remote machine has your keys on it
you've reduced security and, seemingly to me, gained very little.

Now, what *would* be really neat would be an implementation of CFS in
kernel under 4.4lite using the stacked vnode architecture. It would
probably be fairly simple to do it, and you wouldn't have any context
switches or the like when cfs'ing...

Perry





Thread