Re: [PATCH v8 02/12] SIW main include file

On Wed, 2019-05-08 at 17:22 +0300, Leon Romanovsky wrote:
> > It is a recommendation to choose a hard to predict memory
> > key (to make it hard for an attacker to guess it). From
> > RFC 5040, sec 8.1.1:
> > 
> >    An RNIC MUST choose the value of STags in a way difficult to
> >    predict.  It is RECOMMENDED to sparsely populate them over the
> >    full available range.
> 
> Nice, security by obscurity, this recommendation is nonsense in real life,
> protection should be done by separating PDs and not by hiding stags.

That rather misses the point.  The point isn't whether your PDs are
separate, but whether a malicious third party can easily guess your next
generated ID so it can be used in an attack.  This is security by
obscurity, it's security by non-guessability, and it's been shown to be
necessary multiple times over in network stacks.

-- 
Doug Ledford <dledford@xxxxxxxxxx>
    GPG KeyID: B826A3330E572FDD
    Key fingerprint = AE6B 1BDA 122B 23B4 265B  1274 B826 A333 0E57 2FDD
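
The non-guessability point above, as an added example that is not part of the original message or of the SIW patch: a userspace C model of a 32-bit STag table that draws each STag from the kernel CSPRNG and measures how many values right after a known STag are also live. The table size, all function names and the use of getrandom(2) are assumptions made for illustration; a counter-based allocator can be modelled by calling stag_insert() with consecutive values.

```c
#include <stdint.h>
#include <sys/random.h>

#define STAG_SLOTS 4096u /* power of two; constructed size for this example */

struct stag_table {
    uint32_t slot[STAG_SLOTS]; /* 0 = empty, so 0 is never issued */
    unsigned used;
};

/* Linear probe: index of the slot holding stag, or of the empty slot for it. */
static unsigned stag_probe(const struct stag_table *t, uint32_t stag) {
    unsigned i = (stag * 2654435761u) & (STAG_SLOTS - 1);
    while (t->slot[i] != 0 && t->slot[i] != stag)
        i = (i + 1) & (STAG_SLOTS - 1);
    return i;
}

int stag_is_live(const struct stag_table *t, uint32_t stag) {
    return stag != 0 && t->slot[stag_probe(t, stag)] == stag;
}

/* Returns 0, or -1 if stag is 0, already live, or the table is half full. */
int stag_insert(struct stag_table *t, uint32_t stag) {
    if (stag == 0 || t->used >= STAG_SLOTS / 2 || stag_is_live(t, stag))
        return -1;
    t->slot[stag_probe(t, stag)] = stag;
    t->used++;
    return 0;
}

/* Hard to predict: draw from the kernel CSPRNG, redraw on 0 or a collision. */
int stag_alloc_random(struct stag_table *t, uint32_t *out) {
    while (t->used < STAG_SLOTS / 2) {
        if (getrandom(out, sizeof *out, 0) != (ssize_t)sizeof *out)
            return -1;
        if (stag_insert(t, *out) == 0)
            return 0;
    }
    return -1;
}

/* How many of the n values following a known STag are also live. */
unsigned stag_live_neighbours(const struct stag_table *t, uint32_t known, unsigned n) {
    unsigned hits = 0;
    for (unsigned k = 1; k <= n; k++)
        hits += stag_is_live(t, known + k);
    return hits;
}
```

With consecutive values inserted, every neighbour of a known STag is live; with stag_alloc_random() a few hundred STags spread over the 32-bit range leave essentially no live neighbours.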
