Re: Section 4.1 Login Phase Start

To: ips@ece.cmu.edu
Subject: Re: Section 4.1 Login Phase Start
From: Stephen Bailey <steph@cs.uchicago.edu>
Date: Tue, 05 Jun 2001 18:52:44 -0400
In-Reply-To: Message from "BURBRIDGE,MATTHEW (HP-UnitedKingdom,ex2)" <matthew_burbridge@hp.com> of "Tue, 05 Jun 2001 17:45:32 BST." <0B9A57FF1D57D411B47500D0B73E5CC101E7A737@dickens.bri.hp.com>
References: <0B9A57FF1D57D411B47500D0B73E5CC101E7A737@dickens.bri.hp.com>
Sender: owner-ips@ece.cmu.edu

Matthew,

> Either it is optional and the target should not ignore it (e.g. check the
> name against the existing session), or it should not be sent at all.

I couldn't agree more.

A third position would be that it be required, AND checked.

Frankly, I see little point in making it optional.  If I'm an
initiator, and it's optional, I'm not going to send it, because it's
one less error condition (that I may have created) I have to
specifically address in the response.

If we believe there is an important and likely programming error (it
doesn't detect a regular, operational condition, right?)
vulnerability that is detected by checking the target name on
following logins, we should require that they always be sent.
Personally, I don't see such a vulnerability.  This argues for
requiring that target name NOT be sent on following logins.  That is
what I suggested, once upon a time.

Whatever we chose, optional doesn't really seem like a useful
position.

Steph

References:
- Section 4.1 Login Phase Start
  - From: "BURBRIDGE,MATTHEW (HP-UnitedKingdom,ex2)" <matthew_burbridge@hp.com>

Prev by Date: RE: iSCSI Discovery and SendTargets or Expediency vs. Planning
Next by Date: RE: iSCSI Discovery and SendTargets or Expediency vs. Planning
Prev by thread: Section 4.1 Login Phase Start
Next by thread: RE: iSCSI Discovery and SendTargets or Expediency vs. Planning
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:04:33 2001
6315 messages in chronological order