[linux-cifs-client] Re: 2 New encryption capability bits in UNIX extensions.

Jeremy Allison jra at samba.org
Thu Mar 29 17:43:47 GMT 2007


On Thu, Mar 29, 2007 at 10:40:56AM -0700, George Colley wrote:
> So when do sealing we only do it at below the tree level? Shouldn't  
> the whole VC be sealed? This seems a little strange to me. Why would  
> you every want to seal one tree connection and not another on the  
> same VC?

Currently if the encryption context returned by the server
is zero, then all traffic is encrypted. If a non-zero
context is returned then only traffic on the tid that
initiated this context is encrypted. This gives us
the ability to do both full session encryption as
well as tid-only encryption.

That's the design theory (from Steve :-).

Jeremy.


More information about the linux-cifs-client mailing list