Re: iSCSI: security conflict

To: ips@ece.cmu.edu
Subject: Re: iSCSI: security conflict
From: Stephen Bailey <steph@cs.uchicago.edu>
Date: Fri, 06 Jul 2001 16:06:48 -0400
In-Reply-To: Message from "Eddy Quicksall" <EQuicksall@mediaone.net> of "Fri, 06 Jul 2001 14:34:29 EDT." <00e001c1064a$4e3383b0$4b481f42@eddylaptop>
References: <00e001c1064a$4e3383b0$4b481f42@eddylaptop>
Sender: owner-ips@ece.cmu.edu

> Comments anyone?

The `initiator MUST NOT send parameters other than security in the
login command' prohibition means that the intiator must not send
operation parameters in the login command when security is being
turned on.  In this case, identity parameters (initiator name & target
name), and the set of supported mechanisms are considered to be
security parameters.

This is to ensure that operational parameter negotiation is secured.

It does not say that ALL security `parameters' (including those used
for the actual security mechanism establishment) must ONLY be sent in
the login command.  Once a security mode has been chosen, negotiation
happens with text commands.

Steph

References:
- iSCSI: security conflict
  - From: "Eddy Quicksall" <EQuicksall@mediaone.net>

Prev by Date: iSCSI: security conflict
Next by Date: RE: iSCSI Security: Environment and Requirements
Prev by thread: iSCSI: security conflict
Next by thread: FCIP Multiple Connection Management
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:04:20 2001
6315 messages in chronological order