Re: [ogpx] Seed capability behavior

Hogmanay Milestone <hogmanay.milestone@yahoo.com> Thu, 21 January 2010 00:56 UTC

Date: Wed, 20 Jan 2010 16:56:35 -0800
From: Hogmanay Milestone <hogmanay.milestone@yahoo.com>
To: Arrogant Cyberstar <arrogant.cyberstar@gmail.com>
Cc: "Infinity Linden (Meadhbh Hamrick)" <infinity@lindenlab.com>, ogpx-bounces@ietf.org, "ogpx@ietf.org" <ogpx@ietf.org>
Subject: Re: [ogpx] Seed capability behavior

>>>>1.2. if the seed cap persists for a fixed period of time, it allows
>>>>service caps to have shorter lifetimes. deployers may want some caps
>>>>(like caps for spending money and transferring items) to have a
>>>>shorter lifetime than others (like caps for connecting to public
>>>>regions or caps for getting the grid status.)
>>>>
>>>>by persisting the seed cap, the client may request a new service cap
>>>>from the seed without having to re-authenticate.
>>
>>
>>you could request a "new seed" capability from the seed cap, then when you need a new one, you access the new seed capability to give you a new seed capability.
>>
>>
>>
>
>how is this different from just keeping the seed cap around? if the concern is that an attacker will be able to exploit a security vulnerability to access a seed cap, then it could just as easily extract the "new seed" cap instead of the seed cap. the attacker could then use the new seed cap to get another seed cap, and the client is still pwnd.
 
but keeping the same seed cap would mean it's easier for someone to guess it.
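
The seed cap and service cap lifetimes discussed in this thread, as an added example that is not part of the original message or of any OGP implementation. The class name, method names, service names and lifetime values are assumptions made for illustration, and the choice that rotation keeps the original expiry is also an assumption.

```python
import secrets
import time

SEED_TTL = 3600  # assumed value; the thread gives no concrete lifetimes
SERVICE_TTL = {"spend_money": 60, "grid_status": 1800}  # assumed values

class CapIssuer:
    """Toy capability issuer: unguessable tokens mapped to (kind, expiry)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._caps = {}

    def _mint(self, kind, expires_at):
        token = secrets.token_urlsafe(16)  # 128 random bits from the OS CSPRNG
        self._caps[token] = (kind, expires_at)
        return token

    def _live(self, token, kind):
        entry = self._caps.get(token)
        if entry is None or entry[0] != kind:
            return False
        if self._clock() >= entry[1]:
            del self._caps[token]  # expired caps are forgotten
            return False
        return True

    def authenticate(self):
        """Stand-in for the login step, which is not modelled here."""
        return self._mint("seed", self._clock() + SEED_TTL)

    def request_service(self, seed, service):
        """New service cap from a live seed cap, with no re-authentication."""
        if not self._live(seed, "seed"):
            raise PermissionError("seed cap invalid or expired")
        return self._mint(service, self._clock() + SERVICE_TTL[service])

    def invoke(self, cap, service):
        """True if cap currently grants the named service."""
        return self._live(cap, service)

    def rotate_seed(self, seed):
        """Swap a seed cap for a new one; the old token stops working.
        Assumption: rotation keeps the original expiry, so it cannot
        extend a session past the lifetime granted at login."""
        if not self._live(seed, "seed"):
            raise PermissionError("seed cap invalid or expired")
        _, expires_at = self._caps.pop(seed)
        return self._mint("seed", expires_at)
```

Passing a fake `clock` callable lets the expiry behaviour be exercised without waiting.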