[KLUG Members] Re: An off-shoot IPX/SPX question... -- encryption in the networking stack

Bryan J. Smith members@kalamazoolinux.org
10 Dec 2002 17:08:18 -0500

Previous message: [KLUG Members] An off-shoot IPX/SPX question...
Next message: [KLUG Members] An off-shoot IPX/SPX question...
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--=-3J4DmpzcN24E6kNlD2M0
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Tue, 2002-12-10 at 15:30, Adam Williams wrote:
> You don't need a Netware box as a go between.  The kernel has supported=20
> IPX for some time.

As I mentioned in my other post, there is _0_ encryption at the IPX/SPX
layer in NetWare itself (unless I've missed something).

It's in the session+ layers via the NCP (NetWare Core Protocol) in
NetWare 4+ with RSA encryption.

> I disagree as well,  security updates to Samba occur frequently and=20
> promptly;  and they are really bright guys.  IPX code tends to be less=20
> maintained, and dual stacking inherently adds complexity, which inherentl=
y=20
> effect stability.

Er, you're talking apples-to-oranges here:

                "Windows             Novell
                 Networking"         NetWare
                ------------------   --------------
Session+        SMB                  NCP       <--- Encryption is here
Transport       NetBIOS [over]       SPX [over]
Network         NetBEUI, IP or IPX   IPX or IP

It doesn't matter what you are running underneath, if NetBIOS is being
encapsulated over TCP/IP, IPX, SPX/NCP over TCP/IP, etc...

It's the session and higher layers that do the encryption -- be it
NetWare's RSA, MIT's Kerberos, Microsoft's Kerberos or, optionally,
Samba w/SSL (which Windows client's don't support).


--=20
Bryan J. Smith, E.I. (BSECE)       Contact Info:  http://thebs.org
[ http://thebs.org/files/resume/BryanJonSmith_certifications.pdf ]
------------------------------------------------------------------
  The more government chooses for you, the less freedom you have.


--=-3J4DmpzcN24E6kNlD2M0
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQA99mXSDjEszaVrzmQRAi3KAKDci6jBOroBEKwJbqC3yiLgD4WUwwCgzgdS
I4JlaFiFXn0I6ixIAnnZvKI=
=KGuy
-----END PGP SIGNATURE-----

--=-3J4DmpzcN24E6kNlD2M0--

Previous message: [KLUG Members] An off-shoot IPX/SPX question...
Next message: [KLUG Members] An off-shoot IPX/SPX question...
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]