linux-nfs / nfsd

Linux kernel source tree

NFSD support for RPC-with-TLS #13

Closed chucklever closed 7 months ago

chucklever commented 7 months ago

This was bugzilla.linux-nfs.org 349

[Chuck Lever 2020-11-21 23:01:09 UTC] https://datatracker.ietf.org/doc/draft-ietf-nfsv4-rpc-tls/ is an evolving standard for performing RPC transactions via a socket that is secured using TLSv1.3 (RFC 8446). The benefits of transport security are thoroughly covered in draft-ietf-nfsv4-rpc-tls, and include full encryption of wire traffic (better coverage than RPCSEC GSS) as well as cryptographic authentication of both communicating peers.

There are already several implementations of this standard. We'd like to see RPC-over-TLS implemented in the Linux kernel NFS server and client.

chucklever commented 7 months ago

NFSD support for RPC-with-TLS was merged in v6.6. This support is adequate to begin experimenting with and productizing NFS in-transit encryption. There are a number of minor features that are still in the works at this time.