[anonsec] I-D ACTION:draft-ietf-btns-c-api-00.txt

mcr at sandelman.ca (Michael Richardson) Thu, 19 July 2007 18:24 UTC

From: "mcr at sandelman.ca"
Date: Thu, 19 Jul 2007 14:24:24 -0400
Subject: [anonsec] I-D ACTION:draft-ietf-btns-c-api-00.txt
In-Reply-To: <1EF1E44200D82B47BD5BA61171E8CE9D0439AF95@NT-IRVA-0750.brcm.ad.broadcom.com>
References: <E1I0NEg-00087m-4f@stiedprstage1.ietf.org> <1EF1E44200D82B47BD5BA61171E8CE9D0439AF95@NT-IRVA-0750.brcm.ad.broadcom.com>
Message-ID: <f7oa8t$s9r$1@sea.gmane.org>

Caitlin Bestler wrote:
> This draft makes many assumptions about the execution environment.
> Far too many, in my opinion, for anything beyond an informational RFC.
> 
> In particular the requirements that the objects be "opaque" and
> non-copyable are problematic in embedded and/or virtualized
> environments.

   You are mis-understanding the requirements.
   The requirements are there in order to free the API developer to be able 
to  do what make sense in a multitude of environments.  An object is said to 
be opaque to make sure that the *APPLICATION* does not depend upon the 
ability to look into the object in order to function.
   An object is said to be non-copyable, in order that you do not assume that
you can copy it trivially by doing a structure copy.

   In both cases, if your choose to implement the accessor functions as 
#define macros, and the copy function as *foostruct=*barstruct, that's just fine.

   However, in a Posix environment, I can not assume that

> Not allowing the client to copy the object to another location in the
> same process, or to an entirely different process is quite reasonable.

   I don't think it says that.
   What it says is that if you have a handle in one process, that it will not 
be transparently valid in another process.   If you want to move the object 
to another process, then you have to have cooperation of the object. It's 
just like a file handle or a socket.

> But can the process itself be migrated? Are these objects expected
> to work after a Unix style fork? What if the entire IP host is
> migrated to another physical machine?

   Do sockets work after you do these things?

> What needs to be stated is what expectations there are about
> this memory. Are normal operations on the entire memory space,
> such as swap-out/swap-in and virtualization migration, compatible
> with these objects or not?

   We were also very specific in the requirements document (I think you 
didn't read it), that we never let the application processes see keying 
material. They have no business knowing about that.

[anonsec] I-D ACTION:draft-ietf-btns-c-api-00.txt Internet-Drafts@ietf.org
[anonsec] I-D ACTION:draft-ietf-btns-c-api-00.txt Caitlin Bestler
[anonsec] I-D ACTION:draft-ietf-btns-c-api-00.txt Nicolas Williams
[anonsec] I-D ACTION:draft-ietf-btns-c-api-00.txt Caitlin Bestler
[anonsec] I-D ACTION:draft-ietf-btns-c-api-00.txt Nicolas Williams
[anonsec] I-D ACTION:draft-ietf-btns-c-api-00.txt Michael Richardson
[anonsec] I-D ACTION:draft-ietf-btns-c-api-00.txt Caitlin Bestler
[anonsec] I-D ACTION:draft-ietf-btns-c-api-00.txt Nicolas Williams
[anonsec] I-D ACTION:draft-ietf-btns-c-api-00.txt Michael Richardson
[anonsec] I-D ACTION:draft-ietf-btns-c-api-00.txt Michael Richardson