[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issue 9.2) <steal-lock>

To: Andy Bierman <abierman@cisco.com>
Subject: Re: Issue 9.2) <steal-lock>
From: William Caban <william@hpcf.upr.edu>
Date: Mon, 15 Dec 2003 10:57:11 -0400
Cc: NetConf <netconf@ops.ietf.org>
In-reply-to: <4.3.2.7.2.20031202160917.028e6ec0@fedex.cisco.com>
References: <4.3.2.7.2.20031202160917.028e6ec0@fedex.cisco.com>

On Tue, 2003-12-02 at 20:09, Andy Bierman wrote:
> Is there a need for the <steal-lock> operation?
> 
> Attacker can open a session and quickly grab a lock; 
> kill-session followed by lock may not be fast enough 
> to stop the attack, so steal-lock is needed.
> Need to steal the lock and kill the session in one 
> operation or the session will not know the lock was stolen.
What about an attacker issuing the <steal-lock>? Isn't this still being
a DoS possibility? I understand the <steal-lock> operation but I'm not
sure it will solve what we are trying to resolve. I might be confuse but
I can't see the advantage of having this as an operation to try to stop
attacks. I see it useful for when the admin has an open session from one
machine and then happens to be somewhere else and need to do some
reconfiguration, issuing a <steal-lock> will help him a lot. But in the
attacker scenario I still don't see useful.

-W

(BTW, aren't Issue 9.2 and 13.14 the same?)

-- 
William Caban <william@hpcf.upr.edu>


--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>

Follow-Ups:
- Re: Issue 9.2) <steal-lock>
  - From: Wes Hardaker <wjhns1@hardakers.net>

References:
- Issue 9.2) <steal-lock>
  - From: Andy Bierman <abierman@cisco.com>

Prev by Date: Re: Issue 13.12) <lock>
Next by Date: Re: Issue 9.4) Partial locks
Previous by thread: Issue 9.2) <steal-lock>
Next by thread: Re: Issue 9.2) <steal-lock>
Index(es):
- Date
- Thread