[cicm] Unprotected-side APIs

"Novikov, Lev" <lnovikov@mitre.org> Fri, 17 June 2011 19:15 UTC

From: "Novikov, Lev" <lnovikov@mitre.org>
To: "CICM Discussion List (cicm@ietf.org)" <cicm@ietf.org>
Date: Fri, 17 Jun 2011 15:13:41 -0400
Message-ID: <F9AB58FA72BAE7449E7723791F6993ED062C94CAAA@IMCMBX3.MITRE.ORG>

As I previously mentioned, CICM does not define any APIs that simply
move data into / out of the crypto. After several discussions, I believe
there may be a need for additions to the API to support such operations.

Here are the issues:

  * Currently, CICM does not define a mechanism for the unprotected side
    to pump data into / out of the module.

  * Moreover, there is no mechanism to provide non-payload data (e.g.,
    supply an IV on the decrypt side).

  * Currently, there is no way to associate any given traffic on the
    unprotected side with a channel on the protected side.

Here are some ways we can start to address these issues.

1. CICM has a notion of a Module Event (similar to a callback or
   interrupt) which is activated under certain conditions.
   See: http://tools.ietf.org/html/draft-lanz-cicm-mm-00#section-9

2. We can define a set of events that are relevant to the unprotected
   side of a module. For example, it can be notified of the creation of
   a new channel on the protected side.
   ** What other events would need to be defined?

3. We would also have to define appropriate administrative functions for
   the unprotected side to perform such as supply an IV, provide
   header-bypass information, move data into/out of the crypto.
   ** What other administrative functions would need to be defined?

** What are other issues that need to be considered?

NOTE
  I recognize that these APIs may not be appropriate for each and every
  environment, but I am interested in feedback for those where it would
  apply.

Thanks,
Lev