
    RE: iSCSI Login Questions



    Steve,
    	I would think that this is valid independent of the changes that have been
    discussed at the UNH GTP. The initiator has all the information that it
    needs for security and is indicating that by setting
    securitycontextcomplete=yes. If the target responds with
    AuthMethod=none and SecurityContextComplete=yes then full security phase is
    history. However, the initiator needs to be ready to allow the target to
    continue the negotiation. (i.e. if the initiator receives a PDU back with
    securitycontextcomplete=no it must continue to send text commands in the
    security phase even if it does not have any additional parameters it wishes
    to communicate.) The target may also respond to the AuthMethod=None with
    AuthMethod=Reject, or it might reject the login with a status of 0x0201
    (Auth failed).
    	All of these responses appear to be valid based on 6-97. It would probably
    benefit us to limit the choices here.
    >-----Original Message-----
    >From: owner-ips@ece.cmu.edu [mailto:owner-ips@ece.cmu.edu]On Behalf Of
    >Steve Senum
    >Sent: Thursday, July 19, 2001 4:29 PM
    >To: ietf-ips
    >Subject: iSCSI Login Questions
    >
    >
    >Julian:
    >
    >Is the following valid (taking into account the
    >changes requested from the UNH Plugfest)?
    >
    >I: Login: AuthMethod:none SecurityContextComplete=Yes
    >
    >I would assume not, that the initiator must wait
    >until after the initial exchange of the AuthMethod, HeaderDigest,
    >and DataDigest keys to send the SecurityContextComplete
    >key.
    >
    >Also, if further simplification of the login process
    >is desired, the working group might want to consider requiring
    >the initiator to send the AuthMethod, HeaderDigest and
    >the DataDigest keys on the first login, so that the
    >login sequence would always look like:
    >
    >I: Login:   AuthMethod=a1,a2,aN
    >            HeaderDigest=hd1,hd2,hdN
    >            DataDigest=dd1,dd2,ddN
    >T: LoginPR: AuthMethod=a1
    >            HeaderDigest=hd1 DataDigest=dd1
    >...Authentication phase, if needed
    >I: Text:    SecurityContextComplete=yes
    >T: Text:    SecurityContextComplete=yes
    >...Operational Parameter Negotiating phase
    >...Full Feature Phase
    >
    >Regards,
    >Steve Senum
    
    

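The target responses listed in the reply above, written out as initiator-side handling. This is an added example, not code from the thread or from any iSCSI implementation; the function names, state labels, the whitespace-separated key notation (taken from how the thread writes its PDUs), the empty follow-up text command and the check that the target's AuthMethod was actually offered are assumptions of the example.

```python
# Initiator-side handling of one target reply after the initiator has sent
# "AuthMethod=none SecurityContextComplete=yes" (the case asked about above).
# Key names and status 0x0201 come from the thread; everything else is
# hypothetical and labelled as such.

AUTH_FAILED = 0x0201  # login status "Auth failed", as cited in the reply


def parse_keys(text):
    """Parse 'Key=value Key=value' (the thread's notation) into a dict."""
    pairs = (item.split("=", 1) for item in text.split() if "=" in item)
    return {key.lower(): value.lower() for key, value in pairs}


def next_step(offered_methods, status, reply_text):
    """Return (state, text_to_send) for the initiator after a target reply."""
    if status == AUTH_FAILED:
        return "auth-failed", None
    keys = parse_keys(reply_text)
    method = keys.get("authmethod")
    if method == "reject":
        return "rejected", None
    # Added defensive check: a method the initiator never offered is treated
    # as a protocol error, so the login fails closed instead of proceeding.
    offered = {m.lower() for m in offered_methods}
    if method is not None and method not in offered:
        return "protocol-error", None
    if keys.get("securitycontextcomplete") == "yes":
        return "security-done", None
    # Target has not agreed to end the security phase: keep sending text
    # commands even with no parameters left to offer. The empty payload is
    # an assumption; the thread does not say what the command carries.
    return "continue-security", ""


if __name__ == "__main__":
    # Constructed sample replies; status 0 is assumed to mean "no error".
    samples = [
        (0, "AuthMethod=none SecurityContextComplete=yes"),
        (0, "SecurityContextComplete=no"),
        (0, "AuthMethod=Reject"),
        (AUTH_FAILED, ""),
        (0, "AuthMethod=CHAP SecurityContextComplete=yes"),
    ]
    for status, reply in samples:
        print(hex(status), repr(reply), "->", next_step({"none"}, status, reply))
```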


Last updated: Tue Sep 04 01:04:15 2001