[ofa-general] Re: [PATCH] saquery: --smkey command line option
Hal Rosenstock
hrosenstock at xsigo.com
Thu May 22 08:10:29 PDT 2008
On Thu, 2008-05-22 at 17:56 +0300, Sasha Khapyorsky wrote:
> On 07:46 Thu 22 May , Hal Rosenstock wrote:
> > Sasha,
> >
> > On Thu, 2008-05-22 at 16:53 +0300, Sasha Khapyorsky wrote:
> > > This adds possibility to specify SM_Key value with saquery. It should
> > > work with queries where OSM_DEFAULT_SM_KEY was used.
> >
> > I think this starts down a slippery slope and perhaps bad precedent for
> > MKey as well. I know this is useful as a debug tool but compromises what
> > purports as "security" IMO as this means the keys need to be too widely
> > known.
>
> When different than OSM_DEFAULT_SM_KEY value is configured on OpenSM
> side an user may know this or not, in later case saquery will not work
> (just like now). I don't see a hole.
I think it will tend towards proliferation of keys which will defeat any
security/trust. The idea of SMKey was to keep it private between SMs.
This is now spreading it wider IMO. I'm sure other patches will follow
in the same vein once an MKey manager exists.
-- Hal
> Sasha
More information about the general
mailing list