[enfs-devel] Self-certifying file systems

[Tramm H. <hu...@sw...>]

Folks,

Here is an interesting project that is implemented via an NFSv3 servo:

	http://www.fs.net/sfs/new-york.lcs.mit.edu:85xq6pznt4mgfvj4mb23x6b8adak55ue/pub/sfswww/index.html

# On the client side, SFS implements a file system by pretending to be an
# NFS server and talking to the local operating system's NFS3 client.
# The program sfscd gets run by root (typically at boot time). sfscd spawns
# two other daemons--nfsmounter and sfsrwcd. 


They have a neat way of sidestepping most PKI issues by embedding
the key in the path:

# The key difference between SFS and any previous file system is that
# SFS always provides security over untrusted networks, but does not
# perform any key management. SFS accomplishes this by naming file systems
# by their public keys. Every SFS file server is accessible under a
# self-certifying pathname--a file name of the form: 
#
#              /sfs/Location:HostID 
#
# Location is the server's DNS hostname or IP address. HostID is a
# cryptographic hash of the server's public key. SFS uses a
# collision-resistant hash function to compute HostID. Thus, HostID
# effectively specifies a unique public key.  (The client can ask a server
# for its public key, hash the key, and ensure that the key returned by
# the server matches the HostID in a pathname). Self-certifying pathnames
# are automatically created, or "automounted", the first time they are
# referenced. 

Trammell
-- 
  o   hu...@sw...                                         O___|   
 /|\  http://www.swcp.com/~hudson/          M 240.476.1373    /\  \_  
 <<   KC5RNF                                H 505.315.5133    \ \/\_\  
  0                                                            U \_  |