From: Hal Rosenstock <hal-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
To: Jason Gunthorpe
<jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
Cc: Jim Foraker <foraker1-i2BcT+NCU+M@public.gmane.org>,
linux-rdma <linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [PATCH fixed] libibmad: Add MKey support to SMP requests via smp_mkey_get/set()
Date: Wed, 14 Mar 2012 08:41:40 -0400 [thread overview]
Message-ID: <4F609204.1020107@dev.mellanox.co.il> (raw)
In-Reply-To: <20120313163505.GC9585-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
On 3/13/2012 12:35 PM, Jason Gunthorpe wrote:
> On Tue, Mar 13, 2012 at 08:31:50AM -0400, Hal Rosenstock wrote:
>> On 3/9/2012 1:04 PM, Jason Gunthorpe wrote:
>>> On Fri, Mar 09, 2012 at 07:59:58AM -0500, Hal Rosenstock wrote:
>>>
>>>> What mkey model is being proposed here ? It looks to me like it is a
>>>> single mkey for all ports in the subnet which is the simplest but least
>>>> flexible model. If so, I think we need something more flexible as IBA
>>>> allows each port to have it's own different mkey.
>>>
>>> I would like to see some general agreement on a generator for mkey,
>>> something like:
>>>
>>> MKey = HMAC(Subnet_KEY,PortGUID)
>>>
>>> This blinds the mkey incase a port is compromised but still lets
>>> privileged entities compute it from a single key.
>>
>> As there is no standard for this and there are various different
>> requirements here, I'm not sure that one algorithm fits all so IMO it's
>> best to make this as flexible as possible and allow for various
>> algorithms/approaches to be open sourced.
>
> That would be a disaster from a usability and security perspective. We
> need one really good standard, not tens of half baked ideas. MKey
> generation is such a minor point in the grand scheme of things, giving
> people lots of choice makes no sense.
I've already heard several ideas on what MKey generation should be and
not just the ones on the list so far. I doubt there will be agreement by
all parties on this and I think different schemes can be accommodated.
It's either that or the standard tools will support one scheme and there
will be several "proprietary" variants of the tools in those
environments which I think would not be good.
-- Hal
> Jason
>
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
prev parent reply other threads:[~2012-03-14 12:41 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-06 20:09 [PATCH] libibmad: Add MKey support to SMP requests via smp_mkey_get/set() Jim Foraker
[not found] ` <1331064594.10889.8.camel-mxTxeWJot8FliZ7u+bvwcg@public.gmane.org>
2012-03-06 22:12 ` [PATCH fixed] " Jim Foraker
[not found] ` <1331071949.17729.11.camel-mxTxeWJot8FliZ7u+bvwcg@public.gmane.org>
2012-03-09 12:59 ` Hal Rosenstock
[not found] ` <4F59FECE.4030107-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
2012-03-09 17:09 ` Hefty, Sean
[not found] ` <1828884A29C6694DAF28B7E6B8A823733B767E36-P5GAC/sN6hmkrb+BlOpmy7fspsVTdybXVpNB7YpNyf8@public.gmane.org>
2012-03-13 12:29 ` Hal Rosenstock
2012-03-09 18:04 ` Jason Gunthorpe
[not found] ` <20120309180459.GB29961-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2012-03-09 20:14 ` Ira Weiny
2012-03-09 20:32 ` Jim Foraker
[not found] ` <1331325175.17729.112.camel-mxTxeWJot8FliZ7u+bvwcg@public.gmane.org>
2012-03-09 21:01 ` Jason Gunthorpe
[not found] ` <20120309210151.GA32353-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2012-03-10 1:09 ` Jim Foraker
[not found] ` <1331341747.17729.253.camel-mxTxeWJot8FliZ7u+bvwcg@public.gmane.org>
2012-03-13 16:50 ` Jason Gunthorpe
[not found] ` <20120313165020.GE9585-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2012-03-16 0:27 ` Jim Foraker
[not found] ` <1331857632.17729.751.camel-mxTxeWJot8FliZ7u+bvwcg@public.gmane.org>
2012-03-16 6:19 ` Jason Gunthorpe
2012-03-13 12:31 ` Hal Rosenstock
[not found] ` <4F5F3E36.9010600-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
2012-03-13 16:35 ` Jason Gunthorpe
[not found] ` <20120313163505.GC9585-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2012-03-14 12:41 ` Hal Rosenstock [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F609204.1020107@dev.mellanox.co.il \
--to=hal-ldsdmyg8hgv8yrgs2mwiifqbs+8scbdb@public.gmane.org \
--cc=foraker1-i2BcT+NCU+M@public.gmane.org \
--cc=jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox