Re: svn commit: samba r21991 - in branches/SAMBA_3_0/source: include lib libsmb smbd

2007-03-30 Thread Volker Lendecke
On Fri, Mar 30, 2007 at 11:09:17AM +0200, Stefan (metze) Metzmacher wrote: So I think it would be much better to use the vuid as enc-ctx, but check for each call to a specific tid that the call was encrypted or not. And maybe also allow plain requests with the vuid, or force the client to

Re: svn commit: samba r21991 - in branches/SAMBA_3_0/source: include lib libsmb smbd

2007-03-30 Thread Stefan (metze) Metzmacher
Andrew Bartlett wrote: I agree that the trans2 stuff is ugly, but at least it is in an already reserved space in the protocol. Whatever we do, we should continue to allow a re-key modal (despite the issues it then has with credentials

Re: svn commit: samba r21991 - in branches/SAMBA_3_0/source: include lib libsmb smbd

2007-03-30 Thread Volker Lendecke
On Fri, Mar 30, 2007 at 11:43:11AM +0200, Stefan (metze) Metzmacher wrote: We could also create a new call at SMB level maybe SMBsesssetup2? There're a lot of free message numbers. Are there also some ranges defined? Or were the numbers randomly picked by the first implementor of a call?

Re: svn commit: samba r21991 - in branches/SAMBA_3_0/source: include lib libsmb smbd

2007-03-30 Thread Stefan (metze) Metzmacher
Stefan (metze) Metzmacher wrote: So I think it would be much better to use the vuid as enc-ctx, but check for each call to a specific tid that the call was encrypted or not. And maybe also allow plain requests with the vuid, or force the client

Re: svn commit: samba r21991 - in branches/SAMBA_3_0/source: include lib libsmb smbd

2007-03-30 Thread Stefan (metze) Metzmacher
Volker Lendecke wrote: On Fri, Mar 30, 2007 at 11:43:11AM +0200, Stefan (metze) Metzmacher wrote: We could also create a new call at SMB level maybe SMBsesssetup2? There're a lot of free message numbers. Are there also some ranges defined? Or

Re: svn commit: samba r21991 - in branches/SAMBA_3_0/source: include lib libsmb smbd

2007-03-30 Thread Jeremy Allison
On Fri, Mar 30, 2007 at 11:09:17AM +0200, Stefan (metze) Metzmacher wrote: So I think it would be much better to use the vuid as enc-ctx, but check for each call to a specific tid that the call was encrypted or not. And maybe also allow plain requests with the vuid, or force the client to

Re: svn commit: samba r21991 - in branches/SAMBA_3_0/source: include lib libsmb smbd

2007-03-30 Thread Jeremy Allison
On Fri, Mar 30, 2007 at 11:43:11AM +0200, Stefan (metze) Metzmacher wrote: We could also create a new call at SMB level maybe SMBsesssetup2? There're a lot of free message numbers. Are there also some ranges defined? Or were the numbers randomly picked by the first implementor of a call? A

Re: svn commit: samba r21991 - in branches/SAMBA_3_0/source: include lib libsmb smbd

2007-03-30 Thread Jeremy Allison
On Fri, Mar 30, 2007 at 12:32:16PM +0200, Stefan (metze) Metzmacher wrote: Then I'd say it should be a trans2 call on the IPC$ share. Yep, that's what we decided on. Is that trans2 call a replacement for the session setup? or is it just a 'switch on encryption for the next request' on the

Re: svn commit: samba r21991 - in branches/SAMBA_3_0/source: include lib libsmb smbd

2007-03-30 Thread Volker Lendecke
On Fri, Mar 30, 2007 at 09:36:11AM -0700, Jeremy Allison wrote: A lesson in SMB politics. The top level numbers are defined by Microsoft who reserve the right to allocate new ones at any time and for any reason. The space *we* have reserved to allocate from is the trans2 space defined in the

Re: svn commit: samba r21991 - in branches/SAMBA_3_0/source: include lib libsmb smbd

2007-03-29 Thread Stefan (metze) Metzmacher
[EMAIL PROTECTED] wrote: Author: jra Date: 2007-03-27 21:13:31 + (Tue, 27 Mar 2007) New Revision: 21991 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21991 Log: I hate Steve French :-). Add support for

Re: svn commit: samba r21991 - in branches/SAMBA_3_0/source: include lib libsmb smbd

2007-03-29 Thread Jeremy Allison
On Thu, Mar 29, 2007 at 09:41:23AM +0200, Stefan (metze) Metzmacher wrote: Log: I hate Steve French :-). Add support for encryption contexts Jeremy. Hi Jeremy, can you explain that a bit more? What - the hating Steve French (that's obvious) or the encryption contexts ? What

Re: svn commit: samba r21991 - in branches/SAMBA_3_0/source: include lib libsmb smbd

2007-03-29 Thread Jeremy Allison
On Thu, Mar 29, 2007 at 09:55:52AM +0200, Stefan (metze) Metzmacher wrote: [EMAIL PROTECTED] wrote: WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21991 Log: I hate Steve French :-). Add support for

Re: svn commit: samba r21991 - in branches/SAMBA_3_0/source: include lib libsmb smbd

2007-03-29 Thread James Peach
On Mar 29, 2007, at 9:31 AM, Jeremy Allison wrote: On Thu, Mar 29, 2007 at 09:41:23AM +0200, Stefan (metze) Metzmacher wrote: Log: I hate Steve French :-). Add support for encryption contexts Jeremy. Hi Jeremy, can you explain that a bit more? What - the hating Steve

Re: svn commit: samba r21991 - in branches/SAMBA_3_0/source: include lib libsmb smbd

2007-03-29 Thread Jeremy Allison
On Thu, Mar 29, 2007 at 10:23:57AM -0700, James Peach wrote: Why is having the ability to do this a good thing? If a client wants to do unencrypted traffic it can always set up a new session. Yes, but the thing that convinced me was the ability to have the following : [share_secure]

Re: svn commit: samba r21991 - in branches/SAMBA_3_0/source: include lib libsmb smbd

2007-03-29 Thread James Peach
On Mar 29, 2007, at 10:35 AM, Jeremy Allison wrote: On Thu, Mar 29, 2007 at 10:23:57AM -0700, James Peach wrote: Why is having the ability to do this a good thing? If a client wants to do unencrypted traffic it can always set up a new session. Yes, but the thing that convinced me was the

Re: svn commit: samba r21991 - in branches/SAMBA_3_0/source: include lib libsmb smbd

2007-03-29 Thread Jeremy Allison
On Thu, Mar 29, 2007 at 11:32:59AM -0700, James Peach wrote: You probably also want to allow shares to have different levels of encryption. For example, [share_really_secure] encryption = mandatory minimum encryption = the_best_algorithm_we_implement [homes] encryption =

svn commit: samba r21991 - in branches/SAMBA_3_0/source: include lib libsmb smbd

2007-03-27 Thread jra
Author: jra Date: 2007-03-27 21:13:31 + (Tue, 27 Mar 2007) New Revision: 21991 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21991 Log: I hate Steve French :-). Add support for encryption contexts Jeremy. Modified: