Re: iSCSI Login Questions

Barry,

By my reading of the current draft, I don't think
SecurityContextComplete=no is valid.

Regards,
Steve Senum

Barry Reinhold wrote:
>
> Steve,
> I would think that this is valid independent of the changes that have been
> discussed at the UNH GTP. The initiator has all the information that it
> needs for security and is indicating that by setting
> securitycontextcomplete=yes. If the target responds with
> AuthMethod=none and SecurityContextComplete=yes then full security phase is
> history. However, the initiator needs to be ready to allow the target to
> continue the negotiation. (i.e. if the initiator receives a PDU back with
> securitycontextcomplete=no it must continue to send text commands in the
> security phase even if it does not have any additional parameters it wishes
> to communicate.) The target may also respond to the AuthMethod=None with
> AuthMethod=Reject, or it might reject the login with a status of 0x0201
> (Auth failed).
> All of these responses appear to be valid based on 6-97. It would probably
> benefit us to limit the choices here.
> >-----Original Message-----
> >From: owner-ips@ece.cmu.edu [mailto:owner-ips@ece.cmu.edu]On Behalf Of
> >Steve Senum
> >Sent: Thursday, July 19, 2001 4:29 PM
> >To: ietf-ips
> >Subject: iSCSI Login Questions
> >
> >
> >Julian:
> >
> >Is the following valid (taking into account the
> >changes requested from the UNH Plugfest)?
> >
> >I: Login: AuthMethod:none SecurityContextComplete=Yes
> >
> >I would assume not, that the initiator must wait
> >until after the initial exchange of the AuthMethod, HeaderDigest,
> >and DataDigest keys to send the SecurityContextComplete
> >key.
> >
> >Also, if further simplification of the login process
> >is desired, the working group might want to consider requiring
> >the initiator to send the AuthMethod HeaderDigest and
> >the DataDigest keys on the first login, so that the
> >login sequence would always look like:
> >
> >I: Login: AuthMethod=a1,a2,aN
> >          HeaderDigest=hd1,hd2,hdN
> >          DataDigest=dd1,dd2,ddN
> >T: LoginPR: AuthMethod=a1
> >            HeaderDigest=hd1 DataDigest=dd1
> >...Authentication phase, if needed
> >I: Text: SecurityContextComplete=yes
> >T: Text: SecurityContextComplete=yes
> >...Operational Parameter Negotiating phase
> >...Full Feature Phase
> >
> >Regards,
> >Steve Senum