Re: iSCSI Security Comments

Thanks Josh, I will fix.

Regards,
Julo

"Joshua Tseng/Nishan Systems" <joshua.tseng@NishanSystems.com> on 11/11/2000 02:29:40

Please respond to "Joshua Tseng/Nishan Systems" <joshua.tseng@NishanSystems.com>

To: ips@ece.cmu.edu
cc:
Subject: iSCSI Security Comments

A few comments for the security section:

1) X509v3 is a format for a public key certificate, and is not a public key authentication algorithm. So it should be deleted as a Public Key authentication algorithm from the table on page 74.

2) Another important Public Key authentication algorithm you may want to include in the table on pg 74 is the RSA Signature Algorithm with MD-2, MD-5, or SHA-1 hash (defined in RFC 2313). I think this is where iSNS and iSCSI security dovetail pretty nicely. The iSCSI initiators can retrieve the X509v3 public key certificates from the iSNS for the iSCSI target they wish to talk to. The certificate should identify the authentication algorithm (RSA or DSA) for the public key, allowing the initiator to sign the authenticate message with the target's public key using the specified algorithm.

3) Similar to 1), PGP is not a public key authentication algorithm, and should also be deleted from the table on pg 74.

4) Your reference to [SPKIX] is missing. I suspect that it also is not a signature authentication algorithm.

5) pg 75: "authenticate:<user-id>,<blob>". "blob" is the "digital signature of the salt and the iSCSI header (48 bytes) carrying the authenticating message", not the "public key blob". The hash and signature should not cover the text message and the blob (re-hash & sign the blob?).

6) pg 76-77: The public key authentication examples should have "public_key(ssh-dss, parameters)" instead of "public_key(ssh-dss, blob)". "blob" should only exist for the "authenticate:" message.

7) pg 76, last paragraph: "blob" is a hash of the iSCSI "salt" and the iSCSI PDU header (not packet).

Josh
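The "authenticate:<user-id>,<blob>" exchange that points 2 and 5 above describe, as an added example that is not part of this message or of the iSCSI draft it reviews. The blob is an RSA PKCS#1 v1.5 signature with SHA-1 (the RFC 2313 construction the message names) over the salt followed by the 48-byte PDU header, and nothing else. Everything beyond that is an assumption made here so the code runs offline: the blob is hex-encoded in the text message, the salt and the 48-byte header are constructed placeholders, and the RSA key pair comes from a small pure-Python generator rather than a library.

```python
"""Added example: sign/verify an iSCSI 'authenticate:' blob over salt || 48-byte
PDU header with RSA PKCS#1 v1.5 + SHA-1 (RFC 2313).  Not the draft's own code."""
import hashlib
import math
import secrets

ISCSI_PDU_HEADER_LEN = 48  # the "iSCSI header (48 bytes)" from the message
# ASN.1 DigestInfo prefix for SHA-1, as used by PKCS#1 v1.5 signatures
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin; adequate for an illustrative key, not for production."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_rsa_keypair(bits: int = 1024, e: int = 65537):
    """Return ((n, d), (n, e)).  Assumed toy keygen so the example is self-contained."""
    def prime(b: int) -> int:
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1
            if is_probable_prime(c):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, pow(e, -1, phi)), (p * q, e)


def _emsa_pkcs1_v15_sha1(msg: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 DigestInfo || SHA1(msg), k bytes long."""
    t = SHA1_DIGESTINFO + hashlib.sha1(msg).digest()
    if k < len(t) + 11:
        raise ValueError("RSA modulus too short for PKCS#1 v1.5")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def _signed_data(salt: bytes, header: bytes) -> bytes:
    # Point 5: the signature covers the salt and the 48-byte PDU header only,
    # never the text message or the blob itself.
    if len(header) != ISCSI_PDU_HEADER_LEN:
        raise ValueError("iSCSI PDU header must be exactly 48 bytes")
    return salt + header


def sign_blob(salt: bytes, header: bytes, priv) -> bytes:
    n, d = priv
    k = (n.bit_length() + 7) // 8
    em = int.from_bytes(_emsa_pkcs1_v15_sha1(_signed_data(salt, header), k), "big")
    return pow(em, d, n).to_bytes(k, "big")


def verify_blob(salt: bytes, header: bytes, blob: bytes, pub) -> bool:
    n, e = pub
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(blob, "big")
    if len(blob) != k or s >= n:
        return False
    try:
        expected = _emsa_pkcs1_v15_sha1(_signed_data(salt, header), k)
    except ValueError:
        return False
    # Compare the whole encoded block instead of parsing the padding: lax
    # padding parsers are what makes low-exponent PKCS#1 v1.5 forgeries work.
    return pow(s, e, n).to_bytes(k, "big") == expected


def build_authenticate(user_id: str, blob: bytes) -> str:
    """'authenticate:<user-id>,<blob>'; hex encoding of the blob is assumed here."""
    return f"authenticate:{user_id},{blob.hex()}"


def parse_authenticate(msg: str):
    key, _, value = msg.partition(":")
    if key != "authenticate" or "," not in value:
        raise ValueError("not an authenticate message")
    user_id, _, blob_hex = value.partition(",")
    return user_id, bytes.fromhex(blob_hex)


def demo(priv, pub):
    """Constructed exchange: returns (verifies, verifies_after_header_tamper)."""
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed salt
    header = bytes([0x03]) + bytes(ISCSI_PDU_HEADER_LEN - 1)  # constructed placeholder header
    msg = build_authenticate("initiator01", sign_blob(salt, header, priv))
    user_id, blob = parse_authenticate(msg)
    tampered = bytearray(header)
    tampered[1] ^= 0x01
    return verify_blob(salt, header, blob, pub), verify_blob(salt, bytes(tampered), blob, pub)


if __name__ == "__main__":
    private_key, public_key = generate_rsa_keypair()
    print(demo(private_key, public_key))
```

SHA-1 and the PKCS#1 v1.5 padding appear only because the message cites RFC 2313; a current implementation would use SHA-2 with RSA-PSS or ECDSA, and would obtain the target's public key from the X.509 certificate the message describes rather than from a generated pair.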