[AFS3-std] Re: afs3-rxgk-updates for 03
Simon Wilkinson
simon@sxw.org.uk
Thu, 1 Nov 2012 11:10:47 +0000
On 1 Nov 2012, at 04:08, Benjamin Kaduk wrote:
> On Mon, 29 Oct 2012, Andrew Deason wrote:
>>
>> On Thu, 25 Oct 2012 09:58:03 -0400 (EDT)
>> Benjamin Kaduk <kaduk@MIT.EDU> wrote:
>>
>>> commit 8e0451de7dbdc3abb335bffc79e30d7c51d6c78b
>>> Author: Ben Kaduk <kaduk@mit.edu>
>>> Date: Wed Oct 24 17:17:42 2012 -0400
>>>
>>> The value zero is special for (byte)lifetime
>>
>
> That makes sense. I am not particularly inclined to keep rewording this part of the document, though, so you'll forgive me if I don't try to put this view in the document.
I think I'm happy with Ben's reworked wording, too.
>>> commit 74bc8de3886728c5ace1a28a4c0eacf0c2d68275
>>> Author: Ben Kaduk <kaduk@mit.edu>
>>> Date: Wed Oct 24 22:22:10 2012 -0400
>>>
>>> Use RXGK_Levels more appropriately
>> [...]
>>> @@ -403,7 +403,9 @@ enum RXGK_Level {
>>> </t>
>>> <t>To reduce the potential for denial of service attacks, =
servers
>>> SHOULD only offer the CombineTokens operation to clients =
connecting
>>> - over an rxgk secured connection.</t>
>>> + over an rxgk secured connection. The RXGK_Level of the rxgk
>>> + connection does not affect the resiliance against denial of
>>> + service attacks.</t>
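Review bot: The added sentence in the "+" lines states that the RXGK_Level has no effect on denial-of-service resilience without giving a reason, and the SHOULD it is attached to sets no minimum level for the connection. If the lowest level provides no per-packet protection, the restriction to "an rxgk secured connection" does not by itself limit who can trigger CombineTokens, so the text should either justify the claim or state the minimum RXGK_Level required. Also, "resiliance" in the second added line should be spelled "resilience".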
Actually, this change is incorrect. The RXGK_Level does affect our resilience against denial of service attacks. If the connection level is "clear", then an attacker can make the server perform an arbitrary number of CombineTokens operations by hijacking an existing connection.
I'd proposed adding something like
"over an rxgk secured connection, with an RXGK_Level of auth or better."
Cheers,
Simon.