PSARC 2007/397 NDMP Service
Darren J Moffat
Darren.Moffat at sun.com
Tue Jul 3 05:38:54 PDT 2007
Mark A. Carlson wrote:
> I agree with your comments on the weak security in the NDMP
> standard. Unfortunately, the "relevant standards org" is NDMP.org
> and they have gone into hibernation for the most part. Attempts
> were made to turn it over to IETF at one point, but that never went
> anywhere. We are trying to start up a software effort in the SNIA
> that could reawaken interest in this protocol.
Does this mean use of the protocol is dead or just development of it
from version 4 ?
> The best approach would
> be to create a Sun Vendor Extension on security like Network Appliance
> has published here: http://www.ndmp.org/download/sdk_v4/extensions.shtml
I don't think a vendor extension is useful in this case since unless it
is a standard and mandatory to implement part of the protocol it
effectively means weak security except between Solaris clients. This is
exactly what happened with RPCSEC_GSS with NFSv3, it was mostly only
available between Solaris clients, with NFSv4 a GSSAPI based
authentication and transport confidentiality became mandatory to
implement. The same thing needs to happen to NDMP.
--
Darren J Moffat
More information about the opensolaris-arc
mailing list