At 07:50 PM 3/20/2006, Roland Dreier wrote: > Thomas> Yes, I know about binding on a separate queue. That > Thomas> doesn't work, because windows are semantically not > Thomas> fungible (for security reasons). > >Can you elaborate on the issue of fungibility? If one entity has two >QPs, one of which it's using for traffic and one of which it's using >for MW binds, I don't see any security issue (beyond the fact that >you've now given up ordering of operations between the QPs).
If I can snoop or guess rkeys (not a huge challenge with 32 bits), and if I can use them on an arbitrary queuepair, then I can handily peek and poke at memory that does not belong to me. For this reason, iWARP requires its steering tags to be scoped to a single connection. This leverages the IP security model and provides correctness. It is true that IB implementations generally don't do this. They should. Tom. _______________________________________________ openib-general mailing list openib-general@openib.org http://openib.org/mailman/listinfo/openib-general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general