From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ken Goldman
Subject: Re: [RFC] tpm2-space: add handling for global session exhaustion
Date: Fri, 27 Jan 2017 16:20:08 -0500
References: <1484772489.2396.2.camel@HansenPartnership.com> <20170119122533.d7h5rgatpwl3qmcl@intel.com> <20170119124101.nw7a7m735zhiivfo@intel.com>
In-Reply-To: <20170119124101.nw7a7m735zhiivfo-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Cc: linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
List-Id: tpmdd-devel@lists.sourceforge.net

On 1/19/2017 7:41 AM, Jarkko Sakkinen wrote:
>
> I actually think that the very best solution would be such that
> sessions would be *always* lease based. So when you create a
> session you would always lose within a time limit.
>
> There would not be any special victim selection mechanism. You
> would just lose your session within a time limit.

I worry about the time limit. I have a proposed use case (policy signed)
where the user sends the session nonce along with a "payment" to a vendor
and receives back a signature authorization over the nonce. The time could
be minutes or even hours.
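As an added illustration of the trade-off in this exchange, the following is a constructed Python model of a session pool, not the tpm2-space patch under discussion nor code by either participant. It assumes a pool of 3 session slots (`capacity=3`, an assumption), compares a pool whose sessions live until closed with one where every session lapses after a fixed lease, and walks the "policy signed" flow Ken describes: open a session, send its nonce away for signing, and come back after a long delay to use the signed authorization. The names `SessionTable` and `policy_signed_flow` are invented for the example.

```python
import os
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Session:
    handle: int
    nonce: bytes                 # stands in for the session nonce the vendor signs over
    expires_at: Optional[float]  # None: the session never times out


class SessionTable:
    """Toy model of a session pool with a fixed number of slots (constructed).

    lease_seconds=None models sessions that live until explicitly closed;
    a number models the lease-based proposal: the session lapses after that long,
    with no victim selection at all.
    """

    def __init__(self, capacity: int, lease_seconds: Optional[float]):
        self.capacity = capacity
        self.lease_seconds = lease_seconds
        self.sessions: Dict[int, Session] = {}
        self._next_handle = 0x03000000  # constructed handle range, cosmetic only

    def _reap(self, now: float) -> None:
        # Drop every session whose lease has run out.
        expired = [h for h, s in self.sessions.items()
                   if s.expires_at is not None and now >= s.expires_at]
        for h in expired:
            del self.sessions[h]

    def start(self, now: float) -> Optional[Session]:
        """Open a session, or return None when every slot is taken (exhaustion)."""
        self._reap(now)
        if len(self.sessions) >= self.capacity:
            return None
        expires = None if self.lease_seconds is None else now + self.lease_seconds
        s = Session(self._next_handle, os.urandom(16), expires)
        self._next_handle += 1
        self.sessions[s.handle] = s
        return s

    def use(self, handle: int, now: float) -> bool:
        """Return True if the handle still refers to a live session at time now."""
        self._reap(now)
        return handle in self.sessions

    def close(self, handle: int) -> None:
        self.sessions.pop(handle, None)


def policy_signed_flow(table: SessionTable, vendor_delay: float, start: float = 0.0) -> str:
    """Model the policy-signed use case from the mail.

    The caller opens a session, ships its nonce to a vendor, and receives a
    signed authorization over that nonce vendor_delay seconds later.  Returns
    "exhausted" if no session could be opened, "session_lost" if the lease
    lapsed while the nonce was out for signing, "authorized" otherwise.
    """
    s = table.start(start)
    if s is None:
        return "exhausted"
    # ... nonce travels to the vendor; signature comes back after vendor_delay ...
    if not table.use(s.handle, start + vendor_delay):
        return "session_lost"
    table.close(s.handle)
    return "authorized"


if __name__ == "__main__":
    hour = 3600.0
    for lease in (None, 60.0):
        t = SessionTable(capacity=3, lease_seconds=lease)
        print(f"lease={lease}: hour-long signing round trip ->",
              policy_signed_flow(t, vendor_delay=hour))
        # Three clients park sessions; a fourth arrives 100 s later.
        for _ in range(3):
            t.start(0.0)
        print(f"lease={lease}: fourth client at t=100 ->",
              "got a session" if t.start(100.0) else "exhausted")
```

The two loops print the tension in one screen: without a lease the hour-long flow completes but the fourth client is starved; with a 60 s lease the fourth client is served while the long-running signed-authorization flow loses its session before the signature returns.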