Hi Thomas,

this is not a discuss and I’m fine with your reply. Still a few more comments:

> On 31.10.2016 at 15:37, Thomas C. Schmidt <[email protected]> wrote:
>
> Hi Mirja,
>
> you are right in the sense that (a) if all previous evaluations have been
> performed without a failure, and (b) if no revocation occurred (or (c) a
> previous revocation has cleaned up all further delegation entries), then the
> write procedure can rely on the single delegation entry that matches the
> current user name of the writer.

This comes down to me to only one 'if' and that is actually point c. And I’d hope that c would always happen.

>
> However, this includes several "ifs". For instance, if cleanup of the
> delegation list has not been completed at the time of granting write access,
> errors in the trust chain may occur. This could introduce unwanted attack
> surface.

Could you document this attack surface in the doc…?

>
> Our rationale behind designing this complete, self-contained procedure was
> (a) writing an ACL list is not a frequent operation (so complexity is not the
> major concern), and (b) keeping all operations simple, robust, and of minimal
> dependence w.r.t. each other.

Don’t you have to do the check every time you check write access for a shared resource? That can be much more often.

Mirja

>
> That's why it's like that.
>
> Cheers,
> Thomas
>
> On 31.10.2016 15:06, Mirja Kuehlewind wrote:
>> Mirja Kühlewind has entered the following ballot position for
>> draft-ietf-p2psip-share-09: No Objection
>>
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>>
>>
>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>> for more information about IESG DISCUSS and COMMENT positions.
>>
>>
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-p2psip-share/
>>
>>
>>
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>> Quick questions on sec 6.3. (Validating Write Access through an ACL):
>> Do I really need to validate the authorization chain in the ACL every
>> time I give access to a resource? Wouldn't I rather validate the ACL when
>> it's modified and then simply assume that it is sufficient that I have an
>> entry in the ACL to provide access?
>>
>
> --
>
> Prof. Dr. Thomas C. Schmidt
> ° Hamburg University of Applied Sciences                   Berliner Tor 7 °
> ° Dept. Informatik, Internet Technologies Group    20099 Hamburg, Germany °
> ° http://www.haw-hamburg.de/inet                   Fon: +49-40-42875-8452 °
> ° http://www.informatik.haw-hamburg.de/~schmidt    Fax: +49-40-42875-8409 °
>
_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip
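
The two checks debated in this thread, as an added example that is not part of the original messages or of the draft: a single-entry lookup next to a full chain walk, run over an ACL in which a revocation has not yet cleaned up a downstream delegation. The `AclEntry` fields, the user names and the sample ACLs are simplified assumptions constructed for illustration, not the draft's data structures.

```python
from typing import NamedTuple


class AclEntry(NamedTuple):
    # Hypothetical, simplified delegation entry (not the draft's wire format).
    from_user: str          # who granted the permission
    to_user: str            # who received it
    allow_delegation: bool  # may to_user delegate further?


def single_entry_check(acl, writer):
    """Shortcut: accept the writer if any entry names it as recipient."""
    return any(e.to_user == writer for e in acl)


def chain_check(acl, owner, user, need_delegation=False, seen=frozenset()):
    """Full check: follow delegations from user back to the resource owner."""
    if user == owner:
        return True
    if user in seen:  # delegation loop that never reaches the owner
        return False
    for e in acl:
        if e.to_user != user:
            continue
        # An intermediate link must itself carry the right to delegate.
        if need_delegation and not e.allow_delegation:
            continue
        if chain_check(acl, owner, e.from_user, True, seen | {user}):
            return True
    return False


# Constructed sample data: owner -> alice -> bob.
OWNER = "owner"
ACL_INTACT = [AclEntry("owner", "alice", True), AclEntry("alice", "bob", False)]
# The owner has revoked alice, but alice's delegation to bob is still listed.
ACL_STALE = [AclEntry("alice", "bob", False)]


def compare(acl, writer):
    """Return (single-entry result, chain result) for one writer."""
    return single_entry_check(acl, writer), chain_check(acl, OWNER, writer)


if __name__ == "__main__":
    print("intact:", compare(ACL_INTACT, "bob"))
    print("stale: ", compare(ACL_STALE, "bob"))
```
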
