US-Cert recommends disabling SMB1

[Steve French]

No surprise that we should disable cifs ... now our challenge

1) make SMB3 (linux kernel implementation clearly) better than cifs including
   - the POSIX/Unix Extensions, which we were close to agreement on ...
   - compounding (open/query/close)
   - some minor feature finishup (xattrs and acls eg)
Although in most ways SMB3 is already better
2) finishup key security features
    - Pavel's encryption patches need more review ASAP (he has a
github branch for these and I plan to merge into for-next fairly soon)
    - SMB3.1.1 secure negotiate and crypto negotiation finishup
3) more testing to make sure we didn't miss anything ...

On Tue, Jan 17, 2017 at 10:36 AM, Sachin Prabhu <sprabhu at redhat.com> wrote:
> The following advisory was released by US-CERT.
>
> https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-B
> est-Practices
>
> Sachin Prabhu
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html



-- 
Thanks,

Steve