On 1 Nov 2012, at 04:08, Benjamin Kaduk wrote: > On Mon, 29 Oct 2012, Andrew Deason wrote: >> >> On Thu, 25 Oct 2012 09:58:03 -0400 (EDT) >> Benjamin Kaduk <[email protected]> wrote: >> >>> commit 8e0451de7dbdc3abb335bffc79e30d7c51d6c78b >>> Author: Ben Kaduk <[email protected]> >>> Date: Wed Oct 24 17:17:42 2012 -0400 >>> >>> The value zero is special for (byte)lifetime >> > > That makes sense. I am not particularly inclined to keep rewording this part > of the document, though, so you'll forgive me if I don't try to put this view > in the document.
I think I'm happy with Ben's reworked wording, too. >>> commit 74bc8de3886728c5ace1a28a4c0eacf0c2d68275 >>> Author: Ben Kaduk <[email protected]> >>> Date: Wed Oct 24 22:22:10 2012 -0400 >>> >>> Use RXGK_Levels more appropriately >> [...] >>> @@ -403,7 +403,9 @@ enum RXGK_Level { >>> </t> >>> <t>To reduce the potential for denial of service attacks, servers >>> SHOULD only offer the CombineTokens operation to clients connecting >>> - over an rxgk secured connection.</t> >>> + over an rxgk secured connection. The RXGK_Level of the rxgk >>> + connection does not affect the resiliance against denial of >>> + service attacks.</t> Actually, this change is incorrect. The RXGK_Level does affect our resilience against denial of service attacks. If the connection level is "clear", then an attacker can make the server perform an arbitrary number of CombineTokens operations by hijacking an existing connection. I'd proposed adding something like "over an rxgk secured connection, with an RXGK_Level of auth or better." Cheers, Simon._______________________________________________ AFS3-standardization mailing list [email protected] http://lists.openafs.org/mailman/listinfo/afs3-standardization
