>>> As soon as you need security, the performance of v3 becomes >>> irrelevant. >> Unless your threat model is such that you can get that security >> through infrastructure [...] > OTOH NFSv3 itself and the security workarounds come with a cost (not > least the inevitable constraints on the system's management and > evolution/adjustment).
Yes, but... > Relying on some mainstream OS with support for NFSv4 does not bring > similar disadvantages. ...doesn't it? In my experience, *every* OS, including "mainstream" ones, comes with its own constraints on system mangement, evolution, and adjustment. It's a question of tradeoffs: which set of constraints is less of a problem for the use case in question? > As a result, without NFSv4 it is hard to expect that NetBSD would be > considered for new NFS installations. :-( Is it? My feeling - deriving largely from my experience - is that NFS is far more likely to be deployed in a private internal network than over relatively attackable networks like the open Internet. Do you have reason to think that feeling is wrong in the large, that "new NFS installations" predominantly have threat models where on-the-wire attacks are significant enough for them to find NFSv3 unacceptable? (Honestly, my guess would be that most of them have not even formulated their threat model.) /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML [email protected] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
