|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] iSCSI: Use of SRP (draft -04)Julian: With respect to use of the SRP protocol for authentication, I think the current draft is incomplete. The SRP spec requires that values for the Prime Modulus value 'N' and the Generator value 'g' be sent by the authenticating entity as well as 's' and 'B' (or known through some other method). Look at RFC 2944 to see how telnet handles this. Also, if both Initiator and Target choose to authenticate with SRP, or if InitAuth=KERB5 and TargetAuth=srp, the same key names will be needed by both sides at the same time, resulting in the same key name appearing twice in the same text message. This will make it difficult for the receiver to know which key names goes with which authentication process, since there can be two going on at one time. Regards, Steve Senum
Home Last updated: Tue Sep 04 01:05:30 2001 6315 messages in chronological order |