From: Gordon Ross
Date: Fri, 13 Sep 2024 14:55:04 -0400
Subject: Review: 11992 SMB client encryption support
To: _illumos-dev

https://code.illumos.org/c/illumos-gate/+/3688

It turns out that it's becoming popular to require SMB encryption on Windows AD servers. If one does that, our SMB server cannot connect to the NetLogon service over SMB "named pipes" without this enhancement. If you're in an environment with such AD server policies, you'll want this ASAP.