X-Spam-Checker-Version: SpamAssassin 3.4.0-r929098 (2010-03-30) on oss.sgi.com
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	version=3.4.0-r929098
Received: from cuda.sgi.com (cuda2.sgi.com [192.48.176.25])
	by oss.sgi.com (8.14.3/8.14.3/SuSE Linux 0.8) with ESMTP id q5LDKQwq064478
	for <pcp@oss.sgi.com>; Thu, 21 Jun 2012 08:20:27 -0500
X-ASG-Debug-ID: 1340284820-04cbb0257da73510001-S8gJnT
Received: from icp-osb-irony-out6.external.iinet.net.au (icp-osb-irony-out6.external.iinet.net.au [203.59.1.222]) by cuda.sgi.com with ESMTP id 86T8TAfQ7R6aOBIH for <pcp@oss.sgi.com>; Thu, 21 Jun 2012 06:20:22 -0700 (PDT)
X-Barracuda-Envelope-From: makc@iinet.net.au
X-Barracuda-Apparent-Source-IP: 203.59.1.222
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AlwFAMEe40/L2Rwk/2dsb2JhbABFsguDSYEHghkBBTo/EAsNJxIsHQENBogPAQ26C4suhh0DlSqFeIoJgnE
X-IronPort-AV: E=Sophos;i="4.77,451,1336320000"; 
   d="scan'208";a="7143843"
Received: from unknown (HELO emma.crabbed.net) ([203.217.28.36])
  by icp-osb-irony-out6.iinet.net.au with ESMTP; 21 Jun 2012 21:20:19 +0800
Received: by emma.crabbed.net (Postfix, from userid 16314)
	id D4F793313EA; Thu, 21 Jun 2012 23:20:18 +1000 (EST)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <20451.8082.829270.276362@iinet.net.au>
Date: Thu, 21 Jun 2012 23:20:18 +1000
From: Max Matveev <makc@gmx.co.uk>
To: Dave Brolley <brolley@redhat.com>
Cc: pcp@oss.sgi.com, Performance Tools <perftools-list@redhat.com>
Subject: Re: [pcp] SSL/TLS and IPv6 for PCP via NSS/NSPR
In-Reply-To: <4FE1FE5B.6020302@redhat.com>
X-ASG-Orig-Subj: Re: [pcp] SSL/TLS and IPv6 for PCP via NSS/NSPR
References: <4FE1FE5B.6020302@redhat.com>
X-Mailer: VM 7.17 under 21.4 (patch 19) "Constant Variable" XEmacs Lucid
X-Barracuda-Connect: icp-osb-irony-out6.external.iinet.net.au[203.59.1.222]
X-Barracuda-Start-Time: 1340284821
X-Barracuda-URL: http://192.48.176.25:80/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at sgi.com
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using per-user scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=1.3 tests=
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.100498
	Rule breakdown below
	 pts rule name              description
	---- ---------------------- --------------------------------------------------

On Wed, 20 Jun 2012 12:46:19 -0400, Dave Brolley wrote:

 brolley> The use of NSS/NSPR on its own does not provide SSL/TLS
 brolley> connections. The client and server must both agree to and
 brolley> expect the use of a secure connection. The idea would be to
 brolley> have an insecure connection made as normal and then to
 brolley> provide some sort of protocol by which the client and/or
 brolley> server can request an upgrade to a secure connection (think
 brolley> STARTTLS). In this way existing pmcd clients and agents can
 brolley> still connect to pmcd without change and future clients and
 brolley> agents can still use insecure connections if they choose.

Couple of things to note:

1. What is the 'killer app' for secure connection? I know Frank and
   Mark had talked in the past about the need to "authenticate"
   clients to be able to provide finer granied access control.

   If this is the real driver behind this work then I think some sort
   of strawman to how how it can work end-to-end, i.e. how can pmcd
   verify that it knows the client would go a very long way in proving
   that the abstraction actually makes sense.

   Otherwise it's just 'everything must be encrypted' mantra which
   doesn't really make sense when talking about performance
   monitoring - think of Schroedinger's cat.

2. In PCP world pmcd can send unsolicited PDU to the client. This kind
   of communication does not map well on STARTTLS-like paradigm unless
   you're planing to delay STARTTLS phase until after connection
   handshake is done.

3. Who's going to decide what it's time to 'starttls'? Usually it's
   the 'client' decision but client needs to know that server is
   capable of this. How is it going to be communicated to the client?

 brolley> A second issue is that many components use sockets, files
 brolley> and pipes seamlessly and that file descriptors representing
 brolley> all of these are passed to some functions. As a result,
 brolley> these functions must use the abstracted data types and I
 brolley> have had to extend the POSIX-NSS/NSPR abstraction to normal
 brolley> file and pipe I/O in many cases. I have, so far, left as
 brolley> much code as I can unabstracted, however, for the sake of
 brolley> consistency, it may make sense to convert all I/O (at least
 brolley> within the pmcd) to use the abstraction layer.

I thought that Nathan has already gone and done the necessary changes
to separate functions which deal with real sockets from functions
which deal with 'other stuff' like file descriptors as part of Windows
port.

max