Re: encryption on network

["Christopher R. Hertel" <crh@ubiqx.mn.org>]

Jeremy Allison wrote:
:
>> Right, but the question particularly listed WinXP as one of the
>> participating clients.  Windows clients don't support the Unix extensions,
>> so they don't support encrypted SMB and that kinda ruins the whole thing,
>> eh?  [sad face]
> 
> Yes I realize that. But that's not what you said. You said:
> "The SMB protocol does not provide any mechanism for encrypting traffic
> between clients and servers." - but that's not generically true,
> only between *Microsoft* clients and servers.

Well... technically the SMB protocol (as it exists today) is defined by the
Microsoft specifications, and they don't include any support for encryption.

There is, unfortunately, no "official" specification of the Unix extensions
for SMB (only an old draft that doesn't include encryption, IIRC).  Also, as
their name suggests, they're extensions to the protocol which means that
they're not part of the protocol itself.

> You made it sound like that was definitive, and you are the
> acknowledged authority on CIFS/SMB, so I couldn't let that
> stand. People link to your posts here :-).

Absolutely right to set the record straight.  I should have added the caveat
that the Unix extensions include support for encryption.

>> Please allow me to join the choir on that.  (I'll sit at the back and not
>> get in anyone's way.)  [winky face]
> 
> Maybe if we all wish REALLY HARD, Steve and Jeff will hear
> us.. :-).

Don't forget to click your heels together and burn the tana leaves when the
moon is full over Vermont.  ;)

Chris -)-----

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh@ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh@ubiqx.org