Re: [ogpx] Seed capability behavior
Arrogant Cyberstar <arrogant.cyberstar@gmail.com> Thu, 21 January 2010 00:53 UTC
Return-Path: <arrogant.cyberstar@gmail.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B443028C111; Wed, 20 Jan 2010 16:53:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mqg0dxKjJ5bn; Wed, 20 Jan 2010 16:53:33 -0800 (PST)
Received: from mail-pw0-f50.google.com (mail-pw0-f50.google.com [209.85.160.50]) by core3.amsl.com (Postfix) with ESMTP id B693C3A6828; Wed, 20 Jan 2010 16:53:33 -0800 (PST)
Received: by pwi20 with SMTP id 20so3837494pwi.29 for <multiple recipients>; Wed, 20 Jan 2010 16:53:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=U7bUP7fkF7EvAsq4k8BUU2llXUUTUy3H5D6vuqe0yIY=; b=aAsOfVVWU35tto5HXWOcSIp+PbW0PtVj9efRobp3HIhRNtmta40NZFuITTddEva8VF SXykM5ikc7tjgPVq5+t5LDNdI0W9C322TGhHNx7GrzBS+HgCPhWJYVTs9034VP3BDneS 2EynJDC0iAgATOKsr6tfo+NQIMcVS0ye1OSmg=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=LryuXOp+uXqMOWo1CQ2aGEwRQO7sfNq1ntxe0Xsl8N0uzmaExnh+dtcdMvFIVWtWMB AFQL+KuYh1SsupPiVuVICUBvXaDZaXB8Tg6QzW+B/Jlxg+w3rECCkVGNAkWs3EZl8HRl q8FBAes2cSLeotfiA9mB2JqO27zWAVuqyEvNc=
MIME-Version: 1.0
Received: by 10.114.215.13 with SMTP id n13mr503260wag.98.1264035207330; Wed, 20 Jan 2010 16:53:27 -0800 (PST)
In-Reply-To: <186103.40609.qm@web112807.mail.gq1.yahoo.com>
References: <62BFE5680C037E4DA0B0A08946C0933DC4B2DCF9@rrsmsx506.amr.corp.intel.com> <OFEDB4A382.947559FB-ON852576B1.007B59C0-852576B1.007C448C@us.ibm.com> <3a880e2c1001201643p3a885e23ma60f0c9df8d783b@mail.gmail.com> <186103.40609.qm@web112807.mail.gq1.yahoo.com>
Date: Wed, 20 Jan 2010 16:53:27 -0800
Message-ID: <5cca23bc1001201653m67298deey1c3395b80b5b0e29@mail.gmail.com>
From: Arrogant Cyberstar <arrogant.cyberstar@gmail.com>
To: Hogmanay Milestone <hogmanay.milestone@yahoo.com>
Content-Type: multipart/alternative; boundary="0016e64cd526843d5d047da22133"
Cc: "Infinity Linden (Meadhbh Hamrick)" <infinity@lindenlab.com>, ogpx-bounces@ietf.org, "ogpx@ietf.org" <ogpx@ietf.org>
Subject: Re: [ogpx] Seed capability behavior
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual Worlds and the Open Grid Protocol <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jan 2010 01:40:53 -0000
On Wed, Jan 20, 2010 at 4:50 PM, Hogmanay Milestone < hogmanay.milestone@yahoo.com> wrote: > ----- Original Message ---- > From: Infinity Linden (Meadhbh Hamrick) <infinity@lindenlab.com> > To: David W Levine <dwl@us.ibm.com> > Cc: ogpx-bounces@ietf.org; "ogpx@ietf.org" <ogpx@ietf.org> > Sent: Wed, January 20, 2010 4:43:58 PM > Subject: Re: [ogpx] Seed capability behavior > > >1.1. if the seed cap persists for a fixed period of time, the client > >may request additional services from the seed cap later. it's possible > >we may want to wait to issue service caps until the client actually > >tries to do certain things (like spend money, transfer items, > >inventory access, etc.) > > but how likely is this to happen? > > >1.2. if the seed cap persists for a fixed period of time, it allows > >service caps to have shorter lifetimes. deployers may want some caps > >(like caps for spending money and transferring items) to have a > >shorter lifetime than others (like caps for connecting to public > >regions or caps for getting the grid status.) > > > >by persisting the seed cap, the client may request a new service cap > >from the seed without having to re-authenticate. > > > you could request a "new seed" capability from the seed cap, then when you > need a new one, you access the new seed capability to give you a new seed > capability. > > how is this different from just keeping the seed cap around? if the concern is that an attacker will be able to exploit a security vulnerability to access a seed cap, then it could just as easily extract the "new seed" cap instead of the seed cap. the attacker could then use the new seed cap to get another seed cap, and the client is still pwnd. > > > > > _______________________________________________ > ogpx mailing list > ogpx@ietf.org > https://www.ietf.org/mailman/listinfo/ogpx >
- [ogpx] Seed capability behavior Hurliman, John
- Re: [ogpx] Seed capability behavior David W Levine
- Re: [ogpx] Seed capability behavior Infinity Linden (Meadhbh Hamrick)
- Re: [ogpx] Seed capability behavior Hogmanay Milestone
- Re: [ogpx] Seed capability behavior Hogmanay Milestone
- Re: [ogpx] Seed capability behavior Hogmanay Milestone
- Re: [ogpx] Seed capability behavior Hogmanay Milestone
- Re: [ogpx] Seed capability behavior Hogmanay Milestone
- Re: [ogpx] Seed capability behavior Hogmanay Milestone
- Re: [ogpx] Seed capability behavior Infinity Linden (Meadhbh Hamrick)
- Re: [ogpx] Seed capability behavior Hogmanay Milestone
- Re: [ogpx] Seed capability behavior Arrogant Cyberstar
- Re: [ogpx] Seed capability behavior Arrogant Cyberstar
- Re: [ogpx] Seed capability behavior Arrogant Cyberstar
- Re: [ogpx] Seed capability behavior Arrogant Cyberstar
- Re: [ogpx] Seed capability behavior Arrogant Cyberstar