Re: In-band signalling (was: Re: NuralStorm Webmail Multiple Vulnerabilities)

[Pavel Kankovsky <peak () argo troja mff cuni cz>]

On Sat, 17 Jul 2010, Dan Kaminsky wrote:

> Out of band signaling can be made to work in small networks.

What does "out of band" mean in that sentence?

The original meaning of "out of band" was "out of the frequency band
used to transmit end-to-end voice communication". As frequency division
multiplexing was replaced by other (mostly digital) methods of signal
encoding and multiplexing, the term acquired a more abstract meaning with
"band" denoting any kind of multiplexed channel. Out-of-band signalling in
this abstract sense is one of the major features of SS7. I do not think
you want to call the global SS7-based phone network "small".

> In larger networks and systems, the problem is -- what makes you think
> you have simply two planes?  We call them n-tier, not 2-tier after all.

If you know how to split a communication channel into two separated
subchannels then you can apply the approach recursively and get any number
of subchannels and any number of tiers you want (as long as you do not hit
physical limits).

> So the game, as I see it, isn't to demand out of band operations. The  
> game is to engineer systems that can strongly maintain separation  
> between contexts, in band.

Again, what does "out of band" (and "in band") mean in that sentence?

In fact, "the need to engineer systems to maintain strong separation
between contexts" is more or less the lesson to be learned I talked about.

BTW: Between? What makes you think you have simply two contexts? :)

-- 
Pavel Kankovsky aka Peak                          / Jeremiah 9:21        \
"For death is come up into our MS Windows(tm)..." \ 21st century edition /


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/