openstack team mailing list archive

[Nick Barcet <nick.barcet@xxxxxxxxxxxxx>]

On 05/22/2012 03:26 PM, Doug Hellmann wrote:
>     -> In addition to a signature, I think we would need a sequence number
>     to be embedded by the agent for each message sent, so that loss of
>     messages, or forgery of messages, can be detected by the collector and
>     further audit process.
> 
> 
> OK. We have a message id, but I assumed those would be used to eliminate
> duplicates so this sounds like something different or new. It implies
> that the agent knows its own id (not hard) and keeps up with a sequence
> counter (more difficult, though not impossible). Did you have something
> in mind for how to implement that?

Actually, this was my intent in the original blueprint when I specified
the "message_id" field then a couple lines bellow: "a process may verify
that messages were not lost".  On the implementation side, I was
thinking that each agent would maintain its own sequence count, as a
global instance count would be pricier.  In my mind, non repudiation was
built from the message_signature + message_id which should be unique for
each agent.

Nick

Attachment: signature.asc
Description: OpenPGP digital signature