On 3/9/2012 1:04 PM, Jason Gunthorpe wrote: > On Fri, Mar 09, 2012 at 07:59:58AM -0500, Hal Rosenstock wrote: > >> What mkey model is being proposed here ? It looks to me like it is a >> single mkey for all ports in the subnet which is the simplest but least >> flexible model. If so, I think we need something more flexible as IBA >> allows each port to have it's own different mkey. > > I would like to see some general agreement on a generator for mkey, > something like: > > MKey = HMAC(Subnet_KEY,PortGUID) > > This blinds the mkey incase a port is compromised but still lets > privileged entities compute it from a single key.
As there is no standard for this and there are various different requirements here, I'm not sure that one algorithm fits all so IMO it's best to make this as flexible as possible and allow for various algorithms/approaches to be open sourced. -- Hal -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
