Re: Regarding offloading IPv6 addrconf and ndisc

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Hugo Santos <hsantos@av.it.pt>
To: Stephen Hemminger <shemminger@osdl.org>
Cc: David Miller <davem@davemloft.net>,
	herbert@gondor.apana.org.au, kazunori@miyazawa.org,
	yoshfuji@linux-ipv6.org, netdev@vger.kernel.org,
	usagi-core@linux-ipv6.org
Subject: Re: Regarding offloading IPv6 addrconf and ndisc
Date: Fri, 28 Jul 2006 09:34:33 +0100	[thread overview]
Message-ID: <20060728083433.GG29313@innerghost.net> (raw)
In-Reply-To: <20060727210738.36f33436@localhost.localdomain>

[-- Attachment #1: Type: text/plain, Size: 2006 bytes --]

> A couple of basic questions:
> 1. Can we just proceed assuming it is non-secure until a later time when
>    the certificate path is established?

   This is not something which is described in the standard. In fact,
 processing the RA without a certificate path to the router already
 assumes the host is configured to so do (assuming unverified messages
 are treated as normal non-secure ones). Treating it as non-secure would
 allow an attacker to temporarily receive packets from the host if it
 has no secure router to be used (in the same or other interfaces).
 This may allow it to retrieve some of the user's info (think web-login
 portal) and it just has to be on-link (typical NDP attack). A solution
 would be not to assume it is non-secure, but instead cache or drop the
 RA and initiate the process to obtain a certificate path. This however
 does not allow the kind of behaviour that Dave described in one of is
 earlier e-mails, where packets are processed in order.

   Also, the host cache needs to hold X.509v3 certificates, and even if
 a lighter crypto-hash based check is available (if CGAs are used as
 well, to make sure the packets come from the packet's source address),
 hosts will end up having to perform RSA signature checks.

> 2. What if user process dies? or gets overwhelmed?
>    One of the assumptions of the any well designed kernel is that the system should never
>    hang because some user application died or waited for ever.

   Of course that this is a real problem. However, if the control daemon
 dies the kernel won't die. Depending on the implementation -- you might
 temporarily get out of addresses, if the addresses are flushed when the
 control daemon dies, etc. But, just like a routing daemon is critical
 to a router, this control application would also be critical to the
 host's connectivity. And if it dies, it needs to be restarted. The
 application might be itself complex, but in the end we moved this
 complexity away from the kernel.

   Hugo

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

next prev parent reply	other threads:[~2006-07-28  8:34 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-07-27 11:25 Regarding offloading IPv6 addrconf and ndisc Hugo Santos
2006-07-27 12:25 ` Kazunori Miyazawa
2006-07-27 17:56   ` Hugo Santos
2006-07-27 23:56   ` Herbert Xu
2006-07-28  1:34     ` David Miller
2006-07-28  1:45       ` Hugo Santos
2006-07-28  2:27         ` David Miller
2006-07-28  3:13           ` Hugo Santos
2006-07-28  3:20             ` David Miller
2006-07-28  3:31               ` Hugo Santos
2006-07-28  4:07                 ` Stephen Hemminger
2006-07-28  8:34                   ` Hugo Santos [this message]
2006-07-28 12:45                     ` Jamal Hadi Salim
2006-07-29 13:34                       ` Hugo Santos
2006-07-30  3:28                         ` Kazunori Miyazawa
2006-07-30 11:30                           ` Hugo Santos
2006-07-31 21:23                             ` David Miller
2006-08-01 11:50                               ` Hugo Santos
2006-08-01 21:54                                 ` David Miller
2006-08-01  0:16                             ` Kazunori Miyazawa
2006-07-28  2:22       ` Herbert Xu
2006-07-28  2:33         ` David Miller
2006-08-01  0:31       ` Andi Kleen
2006-08-01  0:46         ` David Miller
2006-08-01  0:49           ` Roland Dreier
2006-08-01  1:24             ` Jamal Hadi Salim
2006-08-01  1:30               ` Herbert Xu
2006-08-01  1:47                 ` Jamal Hadi Salim
2006-08-01 12:13                   ` Hugo Santos
2006-08-01 12:00           ` Hugo Santos
2006-08-01 21:57             ` David Miller
2006-08-03 13:28               ` Ingo Oeser

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060728083433.GG29313@innerghost.net \
    --to=hsantos@av.it.pt \
    --cc=davem@davemloft.net \
    --cc=herbert@gondor.apana.org.au \
    --cc=kazunori@miyazawa.org \
    --cc=netdev@vger.kernel.org \
    --cc=shemminger@osdl.org \
    --cc=usagi-core@linux-ipv6.org \
    --cc=yoshfuji@linux-ipv6.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).