[tcpm] Re: [e2e] Are you interested in TOEs and related issues
(Resend)
Sunay Tripathi
Sunay.Tripathi at eng.sun.com
Wed Mar 10 18:23:30 PST 2004
David,
Thanks for clarifying.
> At 06:29 PM 3/9/2004, David P. Reed wrote:
> >I wouldn't waste my time on TOEs. There are more useful things to work
> >on, like making end-to-end secure and resilient communications practical.
>
> To clarify this, if it seems like a non-sequitur or change in topic,
> remember that offloading TCP into a separate box locks in any security
> flaws into the architectural structure you had to create to make it
> happen. In practice, this means that no one will have the energy or money
> to fix the security and resiliency issues in such solutions - which means
> more kludges in wrap-around devices and interceptors that create the false
> illusion of security.
Yes, that was one of the first thoughts that came to my mind when I
started looking at this space. It's not just security issues but bugs and
new features. TCP, despite being mature, still sees a couple of RFCs or tweaks
a year that need to be rolled out to existing systems. Apparently the
TOE vendors had thought about that. The firmware running the protocol code
actually lives on the host and is delivered via the existing delivery
mechanism (packages in Solaris which can be upgraded). When the machine boots
and the interface is configured, the protocol firmware is sucked in. So
delivering a fix or new revs is pretty similar to existing mechanisms.
Also, the source code is still 'C' based so people like me can still
work with it (just need to use some magic in the end to create the
firmware instead of a compiler). Some vendors we talked to have promised
that they can pretty much suck in the same code that runs on the host
into the card (as long as we can clean some compiler-specific directives
etc). Although I must admit that this aspect (common source files) of TOE
has not been investigated by us at all so far.
Cheers,
Sunay
>
> Communications networking is a systems problem, and ignoring the systems
> issues by focusing on a narrow problem space is not a good investment of
> effort.
>
>
--
Sunay Tripathi
Solaris Kernel Networking,
Sun MicroSystems Inc.
email: sunay at eng.sun.com Phone: 650-786-6007 (W)