tech-kern archive


Re: remote kernel debugging over a network



On Jun 6, 2010, at 5:02 18AM, Jordan Gordeev wrote:

> Thor Lancelot Simon wrote:
>> IPKDB used a custom MD5-based packet hash for "security".  I actually
>> think it would probably be very easy to support a single IPsec ESP
>> security association instead.  The hair with IPsec is all with key
>> negotiation.  Don't bother, and don't do some things like replay
>> protection, and ESP is a very simple, compact little shim layer on IP.
>>  
> ESP requires a random-number generator with cryptographic quality. I'm not 
> sure we can provide that in the limited environment of the kernel debugger.

ESP needs that for key management but not otherwise.  If you provision static 
keys, that isn't necessary.  You do need unpredictable IVs, but there are other 
ways to do that.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb
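One way to get unpredictable IVs without a random-number generator, shown as an added example that is not from this thread or from NetBSD code: derive each CBC IV with a keyed PRF over a counter that never repeats. The HMAC-SHA256 construction, the separate `iv_key`, and the `boot_epoch` value are assumptions made for illustration; the message above does not say which method it has in mind.

```python
import hashlib
import hmac
import struct

IV_LEN = 16  # block size of AES-CBC, the usual ESP cipher (assumption)


def derive_iv(iv_key: bytes, spi: int, boot_epoch: int, seq: int) -> bytes:
    """Return HMAC-SHA256(iv_key, spi || boot_epoch || seq) truncated to 16 bytes.

    Without iv_key an observer cannot compute the next IV even though spi and
    seq travel in the clear in the ESP header.
    """
    if len(iv_key) < 16:
        raise ValueError("iv_key must be at least 128 bits")
    msg = struct.pack("!IQI", spi, boot_epoch, seq)
    return hmac.new(iv_key, msg, hashlib.sha256).digest()[:IV_LEN]


class IvSource:
    """Per-SA IV generator for a statically keyed association.

    boot_epoch is a hypothetical value that must differ on every boot (for
    example a clock reading or a number supplied by the remote debugger);
    otherwise a restart would replay the same (key, counter) pairs and
    therefore the same IVs.
    """

    def __init__(self, iv_key: bytes, spi: int, boot_epoch: int):
        self.iv_key, self.spi, self.boot_epoch = iv_key, spi, boot_epoch
        self.seq = 0

    def next(self):
        # Refuse to wrap the 32-bit sequence number: a wrap would repeat IVs.
        if self.seq == 0xFFFFFFFF:
            raise OverflowError("sequence space exhausted; provision new keys")
        self.seq += 1
        return self.seq, derive_iv(self.iv_key, self.spi, self.boot_epoch, self.seq)


if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed sample key, not a real secret
    src = IvSource(demo_key, spi=0x1000, boot_epoch=1)
    for _ in range(3):
        seq, iv = src.next()
        print(seq, iv.hex())
```

The IV key should be distinct from the ESP encryption and authentication keys, and is provisioned statically alongside them.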






