Thanks for working on this! I have a few comments. To summarize, the
proposals are:
(1) Eliminate Need for Writes to SB DB by ovn-controller
(2) Introduce "Trusted Agent" for Writes to SB DB
(3) Add General-Purpose Transaction ACL Support to ovsdb-server
Regarding (1), I think that
On Wed, Mar 15, 2017 at 7:18 AM, Lance Richardson
wrote:
> > From: "Mickey Spiegel"
> > To: "Lance Richardson"
> > Cc: "Russell Bryant" , "devovs"
> > Sent: Tuesday, March 14, 2017 3:06:53 PM
> > Subject: Re: [ovs-dev] OVN
> From: "Mickey Spiegel"
> To: "Lance Richardson"
> Cc: "Russell Bryant" , "devovs"
> Sent: Tuesday, March 14, 2017 3:06:53 PM
> Subject: Re: [ovs-dev] OVN: Compromised Chassis Mitigation
>
Hi Mickey,
Thanks for the excellent feed
- Original Message -
> From: "Mickey Spiegel"
> To: "Lance Richardson"
> Cc: "Russell Bryant" , "devovs"
> Sent: Tuesday, March 14, 2017 3:06:53 PM
> Subject: Re: [ovs-dev] OVN: Compromised Chassis Mitigation
>
>
On Tue, Mar 14, 2017 at 12:01 PM, Lance Richardson
wrote:
>
>
> - Original Message -
> > From: "Mickey Spiegel"
> > To: "Lance Richardson"
> > Cc: "Russell Bryant" , "devovs"
> > Sent: Tuesday, March 14, 2017
- Original Message -
> From: "Mickey Spiegel"
> To: "Lance Richardson"
> Cc: "Russell Bryant" , "devovs"
> Sent: Tuesday, March 14, 2017 2:27:30 PM
> Subject: Re: [ovs-dev] OVN: Compromised Chassis Mitigation
>
>
On Tue, Mar 14, 2017 at 11:14 AM, Lance Richardson
wrote:
> > From: "Russell Bryant"
> > To: "Mickey Spiegel"
> > Cc: "Lance Richardson" , "devovs" <
> d...@openvswitch.org>
> > Sent: Tuesday, March 14, 2017 1:48:55 PM
> From: "Russell Bryant"
> To: "Mickey Spiegel"
> Cc: "Lance Richardson" , "devovs"
> Sent: Tuesday, March 14, 2017 1:48:55 PM
> Subject: Re: [ovs-dev] OVN: Compromised Chassis Mitigation
>
> On Tue, Mar 14, 2017 at 5:08 AM, Mi
On Tue, Mar 14, 2017 at 5:08 AM, Mickey Spiegel wrote:
>> - An "authorization" column containing a set of "string" type, where
>> each string is the name of a column (or column:key) that must
>> contain
>> the ID of client attempting the transaction (CN field from client
>>
On Mon, Mar 13, 2017 at 1:20 PM, Lance Richardson
wrote:
> > From: "Mickey Spiegel"
> > To: "Lance Richardson"
> > Cc: "devovs"
> > Sent: Thursday, March 9, 2017 6:49:53 PM
> > Subject: Re: [ovs-dev] OVN: Compromised Chassis Mitigat
> From: "Mickey Spiegel"
> To: "Lance Richardson"
> Cc: "devovs"
> Sent: Thursday, March 9, 2017 6:49:53 PM
> Subject: Re: [ovs-dev] OVN: Compromised Chassis Mitigation
>
> On Thu, Mar 9, 2017 at 8:52 AM, Lance Richardson
> wrote:
>
On Thu, Mar 9, 2017 at 8:52 AM, Lance Richardson
wrote:
> > From: "Mickey Spiegel"
> > To: "Lance Richardson"
> > Cc: "devovs"
> > Sent: Wednesday, March 8, 2017 10:41:01 PM
> > Subject: Re: [ovs-dev] OVN: Compromised Chassis Mitigat
> From: "Mickey Spiegel"
> To: "Lance Richardson"
> Cc: "devovs"
> Sent: Wednesday, March 8, 2017 10:41:01 PM
> Subject: Re: [ovs-dev] OVN: Compromised Chassis Mitigation
>
> On Wed, Mar 8, 2017 at 1:28 PM, Lance Richardson
> wrote:
>
On Wed, Mar 8, 2017 at 1:28 PM, Lance Richardson
wrote:
> This email (prompted by recent discussions in IRC on the subject)
> outlines some of the options that have been discussed for securing
> OVN_Southbound from a compromised chassis, and includes a strawman
> proposal for an ovsdb transaction
Thanks, Lance. I have one more comment to add to this version:
On Wed, Mar 8, 2017 at 4:28 PM, Lance Richardson wrote:
> This email (prompted by recent discussions in IRC on the subject)
> outlines some of the options that have been discussed for securing
> OVN_Southbound from a compromised chas
This email (prompted by recent discussions in IRC on the subject)
outlines some of the options that have been discussed for securing
OVN_Southbound from a compromised chassis, and includes a strawman
proposal for an ovsdb transaction ACL implementation.
Feedback appreciated, hopefully we can discu
16 matches
Mail list logo