iSCSI: Use of SRP (draft -04)

To: ietf-ips <ips@ece.cmu.edu>
Subject: iSCSI: Use of SRP (draft -04)
From: Steve Senum <ssenum@cisco.com>
Date: Tue, 27 Feb 2001 17:41:01 -0600
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
Sender: owner-ips@ece.cmu.edu

Julian:

With respect to use of the SRP protocol for authentication,
I think the current draft is incomplete.  The SRP spec
requires that values for the Prime Modulus value 'N' and the
Generator value 'g' be sent by the authenticating entity
as well as 's' and 'B' (or known through some other method).
Look at RFC 2944 to see how telnet handles this.

Also, if both Initiator and Target choose to authenticate with
SRP, or if InitAuth=KERB5 and TargetAuth=srp, the same key names
will be needed by both sides at the same time, resulting in the
same key name appearing twice in the same text message.  This
will make it difficult for the receiver to know which key names
goes with which authentication process, since there can be two
going on at one time.

Regards,
Steve Senum

Prev by Date: RE: iSCSI CRC considerations
Next by Date: Re: iscsi.04 comments
Prev by thread: Re: iSCSI: WN Field (draft -04)
Next by thread: Re: iSCSI: Use of SRP (draft -04)
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:05:30 2001
6315 messages in chronological order