IETF Logo Mail Archive

Re: [ogpx] Seed capability behavior

Arrogant Cyberstar <arrogant.cyberstar@gmail.com> Thu, 21 January 2010 00:53 UTC

Return-Path: <arrogant.cyberstar@gmail.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B443028C111; Wed, 20 Jan 2010 16:53:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mqg0dxKjJ5bn; Wed, 20 Jan 2010 16:53:33 -0800 (PST)
Received: from mail-pw0-f50.google.com (mail-pw0-f50.google.com [209.85.160.50]) by core3.amsl.com (Postfix) with ESMTP id B693C3A6828; Wed, 20 Jan 2010 16:53:33 -0800 (PST)
Received: by pwi20 with SMTP id 20so3837494pwi.29 for <multiple recipients>; Wed, 20 Jan 2010 16:53:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=U7bUP7fkF7EvAsq4k8BUU2llXUUTUy3H5D6vuqe0yIY=; b=aAsOfVVWU35tto5HXWOcSIp+PbW0PtVj9efRobp3HIhRNtmta40NZFuITTddEva8VF SXykM5ikc7tjgPVq5+t5LDNdI0W9C322TGhHNx7GrzBS+HgCPhWJYVTs9034VP3BDneS 2EynJDC0iAgATOKsr6tfo+NQIMcVS0ye1OSmg=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=LryuXOp+uXqMOWo1CQ2aGEwRQO7sfNq1ntxe0Xsl8N0uzmaExnh+dtcdMvFIVWtWMB AFQL+KuYh1SsupPiVuVICUBvXaDZaXB8Tg6QzW+B/Jlxg+w3rECCkVGNAkWs3EZl8HRl q8FBAes2cSLeotfiA9mB2JqO27zWAVuqyEvNc=
MIME-Version: 1.0
Received: by 10.114.215.13 with SMTP id n13mr503260wag.98.1264035207330; Wed, 20 Jan 2010 16:53:27 -0800 (PST)
In-Reply-To: <186103.40609.qm@web112807.mail.gq1.yahoo.com>
References: <62BFE5680C037E4DA0B0A08946C0933DC4B2DCF9@rrsmsx506.amr.corp.intel.com> <OFEDB4A382.947559FB-ON852576B1.007B59C0-852576B1.007C448C@us.ibm.com> <3a880e2c1001201643p3a885e23ma60f0c9df8d783b@mail.gmail.com> <186103.40609.qm@web112807.mail.gq1.yahoo.com>
Date: Wed, 20 Jan 2010 16:53:27 -0800
Message-ID: <5cca23bc1001201653m67298deey1c3395b80b5b0e29@mail.gmail.com>
From: Arrogant Cyberstar <arrogant.cyberstar@gmail.com>
To: Hogmanay Milestone <hogmanay.milestone@yahoo.com>
Content-Type: multipart/alternative; boundary="0016e64cd526843d5d047da22133"
Cc: "Infinity Linden (Meadhbh Hamrick)" <infinity@lindenlab.com>, ogpx-bounces@ietf.org, "ogpx@ietf.org" <ogpx@ietf.org>
Subject: Re: [ogpx] Seed capability behavior
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual Worlds and the Open Grid Protocol <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jan 2010 01:40:53 -0000

On Wed, Jan 20, 2010 at 4:50 PM, Hogmanay Milestone <
hogmanay.milestone@yahoo.com> wrote:

> ----- Original Message ----
> From: Infinity Linden (Meadhbh Hamrick) <infinity@lindenlab.com>
> To: David W Levine <dwl@us.ibm.com>
> Cc: ogpx-bounces@ietf.org; "ogpx@ietf.org" <ogpx@ietf.org>
> Sent: Wed, January 20, 2010 4:43:58 PM
> Subject: Re: [ogpx] Seed capability behavior
>
> >1.1. if the seed cap persists for a fixed period of time, the client
> >may request additional services from the seed cap later. it's possible
> >we may want to wait to issue service caps until the client actually
> >tries to do certain things (like spend money, transfer items,
> >inventory access, etc.)
>
> but how likely is this to happen?
>
> >1.2. if the seed cap persists for a fixed period of time, it allows
> >service caps to have shorter lifetimes. deployers may want some caps
> >(like caps for spending money and transferring items) to have a
> >shorter lifetime than others (like caps for connecting to public
> >regions or caps for getting the grid status.)
> >
> >by persisting the seed cap, the client may request a new service cap
> >from the seed without having to re-authenticate.
>
>
> you could request a "new seed" capability from the seed cap, then when you
> need a new one, you access the new seed capability to give you a new seed
> capability.
>
>
how is this different from just keeping the seed cap around? if the concern
is that an attacker will be able to exploit a security vulnerability to
access a seed cap, then it could just as easily extract the "new seed" cap
instead of the seed cap. the attacker could then use the new seed cap  to
get another seed cap, and the client is still pwnd.


>
>
>
>
> _______________________________________________
> ogpx mailing list
> ogpx@ietf.org
> https://www.ietf.org/mailman/listinfo/ogpx
>

v2.23.0 | Report a Bug | By Email