Subject: Re: CVS commit: syssrc/sys/dev/ic
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: gabriel rosenkoetter <gr@eclipsed.net>
List: tech-kern
Date: 11/09/2001 13:13:49

On Thu, Nov 08, 2001 at 04:52:14PM -0800, Jonathan Stone wrote:
> It's not 'dangerous'; it's just not *shown* to be safe. But then, what is?

Seems to me that Bill and Perry just pointed out some very easy ways
it *is* dangerous on a public network (or, really, any machine unwanted
packets can reach in any way). If you can push on the network
device, you can push on the entropy. I hope we all see why that's
bad at this point.

Michael Graff's situation, on a fully private network, is different,
provided he trusts everyone who uses that network. Are we wrong to
presume that his situation is the exception rather than the norm?

> Don't make NetBSD yell that it's outright dangerous, because it
> isn't necessarily dangerous; and sometimes network cards really are the
> best source of entropy available.

It is significantly more dangerous than other perfectly extant and
useable sources of entropy. But it would be nice to have for places
where other sources of entropy really don't exist (or where the
danger doesn't exist and it's a more efficient way to get entropy
than others).

> Emit a syslog message warning that network traffic may be subject to
> entropy-damaging attacks, or something like that?

Probably everybody involved could agree on that. (Though I dug
putting it in dmesg, actually.)

-- 
       ~ g r @ eclipsed.net
