[AFS3-std] Rx clear identity assertion draft

Tom Keiser tkeiser@sinenomine.net
Tue, 12 Jan 2010 11:56:32 -0500


This is a second call for review of a new Rx security class that
encapsulates cleartext peer identity assertions in the security
header.  As discussed in Edinburgh, the idea is to reduce the
probability of race conditions between client and server by asserting
peer identities (e.g. via transmission of host UUIDs for AFS-3) that
are independent of the peer's transport address set.

The second major component of this document is a set of changes to multi-homed
Rx connection semantics.  The core problem was that an Rx client would
drop the IPv4 address which was bound as the peer on the server, and
then the connection would entirely break (because server responses
were no longer going to the intended peer), thus stalling the client
until timeout.  This memo proposes a method which allows peers to
seamlessly transition between address sets.  Admittedly, this does
open cleartext Rx connections up to duplex connection hijacking
attacks, whereas legacy Rx merely was open to simplex attacks.

http://tools.ietf.org/html/draft-tkeiser-rxrpc-sec-clear-00

Cheers,

-Tom
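
The address-binding problem and the identity-based rebinding described in the message above, as an added example that is not part of the original post and is neither the draft's wire format nor OpenAFS code. The Server and Conn classes, the scenario() helper, the addresses and the UUID strings are all constructed assumptions for a simplified model.

```python
# Simplified model of server-side peer binding (constructed, not the draft's format).
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Conn:
    peer_addr: str                    # address the server sends responses to
    peer_id: Optional[str] = None     # cleartext asserted identity, e.g. a host UUID
    rebinds: list = field(default_factory=list)  # audit trail of address changes

class Server:
    def __init__(self, identity_mode: bool):
        self.identity_mode = identity_mode
        self.conns = {}               # connection id -> Conn

    def receive(self, cid: int, src_addr: str, asserted_id: Optional[str] = None) -> str:
        """Process one client packet and return where the response is sent."""
        conn = self.conns.get(cid)
        if conn is None:
            # First packet: bind the connection to the sender's address.
            conn = self.conns[cid] = Conn(src_addr, asserted_id)
        elif (self.identity_mode and conn.peer_id is not None
              and asserted_id == conn.peer_id and src_addr != conn.peer_addr):
            # Identity matches, so follow the peer to its new address.
            # The assertion is cleartext and unauthenticated, so every
            # rebind is recorded for monitoring.
            conn.rebinds.append((conn.peer_addr, src_addr))
            conn.peer_addr = src_addr
        # Legacy mode never updates peer_addr: responses keep going to the
        # originally bound address even after the client has dropped it.
        return conn.peer_addr

def scenario(identity_mode: bool):
    """Client opens a connection, drops its first address, sends from a second."""
    srv = Server(identity_mode)
    uuid = "uuid-client-A"                             # constructed sample identity
    srv.receive(1, "192.0.2.10", uuid)                 # initial binding
    reply_to = srv.receive(1, "198.51.100.7", uuid)    # after the address change
    return reply_to, srv.conns[1].rebinds

if __name__ == "__main__":
    print("legacy  :", scenario(False))   # response goes to the stale address
    print("identity:", scenario(True))    # response follows the asserted identity
```

In the legacy case the response is sent to an address the client no longer holds, which is the stall until timeout described above; in the identity case the rebinds list is the record an operator would watch, since the rebind is triggered by a cleartext field.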