[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Shared Locator Address Pool (SLAP) protocol proposal

To: "Spencer Dawkins" <spencer@mcsr-labs.org>
Subject: Re: Shared Locator Address Pool (SLAP) protocol proposal
From: Dave Crocker <dhc@dcrocker.net>
Date: Thu, 20 Nov 2003 07:30:35 -0800
Cc: multi6@ops.ietf.org
In-reply-to: <099601c3af6c$6c4a4000$2c818182@DFNJGL21>
Organization: Brandenburg InternetWorking
References: <11729160049.20031115084555@brandenburg.com> <02ef01c3abb4$e4ffd3e0$2c818182@DFNJGL21> <3FB8C386.4E526EFB@zurich.ibm.com> <3FBB5A85.3020102@nomadiclab.com> <16878086402.20031119083035@brandenburg.com> <3FBBAD6C.5040106@nomadiclab.com> <07d901c3af13$87ac20b0$2c818182@DFNJGL21> <3FBCBAD8.356DE59D@zurich.ibm.com> <099601c3af6c$6c4a4000$2c818182@DFNJGL21>
Reply-to: Dave Crocker <dcrocker@brandenburg.com>

Spencer,

SD> - protecting different users of multi6 on a single node from each
...
SD> - protecting different users of multi6 on a single node from each
...
SD> - protecting all the users of multi6 on a single node from attackers

The fact that SLAP involves multiple instances of the control protocol
does not necessarily mean that the instances are under the control of
different users.

Of course, a user can take over the kernel of a machine, but there is
nothing we can do about that problem.

So, the normal scenario is that the control protocol instantiations are
running in the operating system.  Different users might be the cause of
having multiple instantiations, just like they might be the cause of
multiple TCP connections. But that does not mean the users have special
priviledges over each other.

Note that the pool of TCP connections is "shared" state, of exactly the
type that we have with SLAP.  Do we view that shared, TCP pool as a
security risk?

d/
--
 Dave Crocker <dcrocker-at-brandenburg-dot-com>
 Brandenburg InternetWorking <www.brandenburg.com>
 Sunnyvale, CA  USA <tel:+1.408.246.8253>

References:
- Shared Locator Address Pool (SLAP) protocol proposal
  - From: Dave Crocker <dhc@dcrocker.net>
- Re: Shared Locator Address Pool (SLAP) protocol proposal
  - From: "Spencer Dawkins" <spencer@mcsr-labs.org>
- Re: Shared Locator Address Pool (SLAP) protocol proposal
  - From: Brian E Carpenter <brc@zurich.ibm.com>
- Re: Shared Locator Address Pool (SLAP) protocol proposal
  - From: Pekka Nikander <pekka.nikander@nomadiclab.com>
- Re: Shared Locator Address Pool (SLAP) protocol proposal
  - From: Dave Crocker <dhc@dcrocker.net>
- Re: Shared Locator Address Pool (SLAP) protocol proposal
  - From: Pekka Nikander <pekka.nikander@nomadiclab.com>
- Re: Shared Locator Address Pool (SLAP) protocol proposal
  - From: "Spencer Dawkins" <spencer@mcsr-labs.org>
- Re: Shared Locator Address Pool (SLAP) protocol proposal
  - From: Brian E Carpenter <brc@zurich.ibm.com>
- Re: Shared Locator Address Pool (SLAP) protocol proposal
  - From: "Spencer Dawkins" <spencer@mcsr-labs.org>

Prev by Date: Re: Shared Locator Address Pool (SLAP) protocol proposal
Next by Date: Re: Some Comments on ID/Loc Separation Proposals
Previous by thread: Re: Shared Locator Address Pool (SLAP) protocol proposal
Next by thread: Re: Shared Locator Address Pool (SLAP) protocol proposal
Index(es):
- Date
- Thread