Re: [Last-Call] [nfsv4] Secdir last call review of draft-ietf-nfsv4-rpcrdma-cm-pvt-data-06

Looks good. Thank you very much!

	Yaron

On 1/30/20, 17:10, "Chuck Lever" <chuck.lever@xxxxxxxxxx> wrote:

    Hello Yaron-
    
    The Security Considerations section now reads as follows:
    
    6.  Security Considerations
    
       The reader is directed to the Security Considerations section of
       [RFC8166] for background and further discussion.
    
       The RPC-over-RDMA version 1 protocol framework depends on the
       semantics of the Reliable Connected (RC) queue pair (QP) type, as
       defined in Section 9.7.7 of [IBA].  The integrity of CM Private Data
       and the authenticity of its source are ensured by the exclusive use
       of RC queue pairs.  Any attempt to interfere with or hijack data in
       transit on an RC connection results in the RDMA provider terminating
       the connection.
    
       Additional analysis of RDMA transport security appears in the
       Security Considerations section of [RFC5042].  That document
       recommends IPsec as the default transport layer security solution.
       When deployed with iWARP, IPsec establishes a protected channel
       before any iWARP operations are exchanged, thus it protects the
       exchange of Private Data that occurs as each QP is established.
       However, IPsec is not available for InfiniBand or RoCE deployments.
       Those fabrics rely on physical security and cyclic redundancy checks
       to protect network traffic.
    
       Improperly setting one of the fields in a version 1 Private Message
       can result in an increased risk of disconnection (i.e., self-imposed
       Denial of Service).  There is no additional risk of exposing upper-
       layer payloads after exchanging the Private Message format defined in
       the current document.
    
       In addition to describing the structure of a new format version, any
       document that extends the Private Data format described in the
       current document must discuss security considerations of new data
       items exchanged between connection peers.
    
    
    --
    Chuck Lever
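The quoted Security Considerations talk about what happens when a Private Data field is set improperly: the peer honours a bad value, an inline Send overruns the posted Receive buffer, and the RC queue pair is torn down (the "self-imposed Denial of Service"). As an added illustration that is not part of the draft or of this thread, the following C decodes and encodes the version 1 CM Private Data message and derives the inline send limit a receiver should actually apply. The field layout, the Format Identifier 0xf6ab0e18, the R flag bit, and the "1 KiB units minus one" size encoding are assumed from the published format definition (RFC 8797), which this page does not quote; the RFC 8166 default inline threshold of 1024 bytes is likewise an assumption of the example.

```c
/*
 * Added example, not text from the draft or the thread: decode and build
 * the RPC-over-RDMA version 1 CM Private Data message and compute the
 * inline Send limit a receiver can safely use.  Constants below are
 * assumed from the published format definition (RFC 8797) and RFC 8166.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CM_PVT_FORMAT_ID     0xf6ab0e18u  /* Format Identifier, network byte order (assumed) */
#define CM_PVT_VERSION       1u           /* only version this decoder understands */
#define CM_PVT_F_REMOTE_INV  0x80u        /* R bit: peer accepts Send With Invalidate (assumed) */
#define CM_PVT_LEN           8            /* a version 1 message is exactly 8 octets */
#define RPCRDMA_DEF_INLINE   1024u        /* RFC 8166 default inline threshold (assumed) */

struct cm_pvt_params {
    int      from_private_data;  /* 1: values came from a valid message; 0: defaults */
    int      remote_invalidate;  /* 1: peer set the R bit */
    uint32_t peer_send_size;     /* largest inline Send the peer may emit */
    uint32_t peer_recv_size;     /* largest inline Send the peer can receive */
};

/* Size fields carry (bytes / 1024) - 1, so 0 => 1 KiB and 255 => 256 KiB. */
static uint32_t cm_pvt_decode_size(uint8_t v)
{
    return ((uint32_t)v + 1u) << 10;
}

static uint8_t cm_pvt_encode_size(uint32_t bytes)
{
    uint32_t units = bytes >> 10;          /* round down to whole KiB */
    if (units < 1u)   units = 1u;          /* below 1 KiB cannot be expressed */
    if (units > 256u) units = 256u;        /* field saturates at 256 KiB */
    return (uint8_t)(units - 1u);
}

/*
 * Fail-safe decode: anything that is not a version 1 message carrying our
 * Format Identifier is treated as "no Private Data" and RFC 8166 defaults
 * apply.  Returns 1 if the message was accepted, 0 otherwise; *out is
 * always populated.
 */
static int cm_pvt_decode(const uint8_t *buf, size_t len, struct cm_pvt_params *out)
{
    memset(out, 0, sizeof *out);
    out->peer_send_size = RPCRDMA_DEF_INLINE;
    out->peer_recv_size = RPCRDMA_DEF_INLINE;

    if (buf == NULL || len < CM_PVT_LEN)
        return 0;                          /* absent or truncated: ignore */

    uint32_t id = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                  ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    if (id != CM_PVT_FORMAT_ID)
        return 0;                          /* some other ULP's Private Data */
    if (buf[4] != CM_PVT_VERSION)
        return 0;                          /* unknown version: do not guess */

    out->from_private_data = 1;
    out->remote_invalidate = (buf[5] & CM_PVT_F_REMOTE_INV) != 0;  /* Reserved bits ignored */
    out->peer_send_size    = cm_pvt_decode_size(buf[6]);
    out->peer_recv_size    = cm_pvt_decode_size(buf[7]);
    return 1;
}

/* Build the 8-octet message this side places in its CM request or reply. */
static void cm_pvt_encode(uint8_t buf[CM_PVT_LEN], int remote_inv_ok,
                          uint32_t send_size, uint32_t recv_size)
{
    buf[0] = (uint8_t)(CM_PVT_FORMAT_ID >> 24);
    buf[1] = (uint8_t)(CM_PVT_FORMAT_ID >> 16);
    buf[2] = (uint8_t)(CM_PVT_FORMAT_ID >> 8);
    buf[3] = (uint8_t)(CM_PVT_FORMAT_ID);
    buf[4] = (uint8_t)CM_PVT_VERSION;
    buf[5] = remote_inv_ok ? (uint8_t)CM_PVT_F_REMOTE_INV : 0;  /* Reserved bits stay zero */
    buf[6] = cm_pvt_encode_size(send_size);
    buf[7] = cm_pvt_encode_size(recv_size);
}

/*
 * The disconnection risk from the Security Considerations: an inline Send
 * larger than the peer's posted Receive buffer is a fatal RC error and the
 * provider tears the connection down.  So the local inline send limit is the
 * smaller of what we can send and what the peer says it can receive.
 */
static uint32_t cm_pvt_inline_send_limit(uint32_t local_send_size,
                                         const struct cm_pvt_params *peer)
{
    return local_send_size < peer->peer_recv_size ? local_send_size
                                                  : peer->peer_recv_size;
}

int main(void)
{
    /* Constructed sample: peer says R=1, send 8 KiB (7), receive 4 KiB (3). */
    const uint8_t wire[CM_PVT_LEN] = { 0xf6, 0xab, 0x0e, 0x18, 1, 0x80, 7, 3 };
    struct cm_pvt_params p;

    cm_pvt_decode(wire, sizeof wire, &p);
    printf("peer send %u recv %u rinv %d -> our inline limit %u\n",
           p.peer_send_size, p.peer_recv_size, p.remote_invalidate,
           cm_pvt_inline_send_limit(8192, &p));
    return 0;
}
```

The decoder never lets a malformed or unknown message drive the connection parameters: wrong identifier, unknown version or a short buffer all fall back to the RFC 8166 defaults, which is the conservative choice the draft's "no additional risk" statement relies on. Clamping the local send limit to the peer's advertised receive size is what turns a mis-set size field into degraded performance rather than a dropped connection.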
    
    
    
    


-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call



