On Tue, 2005-10-25 at 10:51 -0700, Caitlin Bestler wrote: > > > > > > I believe that the assurances you are talking about are > > peculiar to an implementation, not to the network. > > > > I disagree. Anytime you send an IP datagram on an IP network > you are expected to provide an authentic source address. Any > intermediate network device MAY enforce that rule and drop > packets with invalid source addresses. >
I don't see anything in the protocol specs (RFC 791, RFC 793, ...) that talks about this, so we just have to agree to disagree. :-) > IP Addresses stored in private data, by contrast, are guaranteed > to pass all middleboxes unmolested without review of validation. > This is not a spoofer taking advantage of a lazy network admin, > this is a spoofer being given a "get out of jail free" card that > says the network admin is not even allowed to do spot checks. > > > The CMA is what is preparing the private data header, not the > > app. WRT a IB CM app, it could very easily pretend to be a > > "CMA App" and build it's own private data that spoofed the > > address. How would the local CM know that it is supposed to > > verify this? Where is the service id/private data format > > mapping database? > > > > In short, I think we are mixing many different things together here. > > > > > > For the very same reasons that a userspace consumer is not allowed > to pretend to be the CM itself, it should not be allowed to just > make up Source IP Addresses. If it's going to lie it needs to be > a privileged liar. > > Preserving the existing CM infrastructure is fine, but not if it > forces us to take something that should be authenticated by privileged > software and simply trust that userspace code will fill it in correctly. _______________________________________________ openib-general mailing list openib-general@openib.org http://openib.org/mailman/listinfo/openib-general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general