Are AFS file transfers encrypted?
Måns Nilsson
mansaxel at sunet.se
Fri Sep 16 21:50:15 CEST 2005
--On den 16 september 2005 01.14.39 +0000 " jackt123 at gmail.com"
<jackt123 at gmail.com> wrote:
> 2) If so, how is the encryption established?
> With SSH, I had to click YES the first time
> I connect to a server (to trust the public key is not tampered).
> But with Kerberos and AFS, I never had to do that.
> Can someone help clarify for me (or point me to where
> to read more)?
>
> Thanks so much!
The encryption in AFS and Kerberos depends on a trusted third party. This
means that there is an anchor of trust that both the client and server can
attach to; and thus they do not need to communicate pubkeys in-band, which
is what you saw in SSH.
This is both a strength (since you are not exposed to MITM attacks in the
same ways as with SSH without pre-verified keys) and a weakness (since it
requires a quite elaborate infrastructure to be present before you can
start running the system.
--
MÃ¥ns Nilsson Systems Specialist
+46 70 681 7204 cell KTHNOC
+46 8 790 6518 office MN1334-RIPE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00004.pgp
Type: application/octet-stream
Size: 185 bytes
Desc: "PGP signature"
Url : http://lists.stacken.kth.se/pipermail/arla-drinkers/attachments/00000000/c3f2549d/pgp00004.obj
More information about the Arla-drinkers
mailing list