Talpey, Thomas wrote:
At 09:35 AM 9/25/2008, Tom Tucker wrote:
This explanation is helpful, thanks. It would also be helpful if we
could boil down the advice to just a sentence or two for the busy admin.
Something like: unless you have card XYZ and kernel 2.6.y, do *not* use
rdma on a network where you cannot trust every machine....
Would it be better to say, "Do not use RDMA on a network where your
policy requires a security model stronger than tcp/auth_unix."
No! This would confuse integrity and privacy concerns (the root of the
RDMA attack you describe) with authentication. While it's true there are
different attacks with a different transport, they do not in any way
contravene the protections in the RPC and NFS layers.
In fact, I believe the text is unfairly portraying a vulnerability in iWARP
as residing in NFS/RDMA, which it isn't.
While many of today's adapters allow so-called "type 2" RKEYs, the
protocol does not encourage them, and their use introduces these
risks. The risks are avoidable. The IETF RFCs describe these in detail,
for both RDDP and NFS/RPC/RDMA.
Ok, but I need some text that correctly represents the guidance to the
naive administrator. I think Bruce's goal is a good one, but I thought
his text was only "point in time" relevant.
I'm open to suggestions for specific wording!
Tom
Tom.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html