Caitlin Bestler wrote:
Is that because you do not agree that there is a problem?
Or is it that you think the gap betweeen this and existing IP
connection semantics is small enough that it is better to cover
it with a disclosure than by changing the CM protocol?
I would define the problem as: applications want to connect over IB using IP
addressing. Defining the CM REQ private data solves is only a small part of the
solution (reverse lookup).
On an IP network the remote IP Address/port was vouched for
by the remote kernel at the minimum, and MAY have been authenticated
by each routing element along the way. Private data supplied through
the existing CM protocol has neither of those safeguards.
I think that security is a separate issue outside of this. I have no idea what
OS is running on a remote system, let alone how it may have verified an address.
That said, the kernel CMA would set this data based on information that it
collects. But only users of the CMA would have this additional protection.
- Sean
_______________________________________________
openib-general mailing list
[email protected]
http://openib.org/mailman/listinfo/openib-general
To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
