SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: iSCSI Login Questions



    Steve,
    
    comments in text - Julo
    
    Steve Senum <ssenum@cisco.com> on 19-07-2001 23:28:55
    
    Please respond to Steve Senum <ssenum@cisco.com>
    
    To:   ietf-ips <ips@ece.cmu.edu>
    cc:
    Subject:  iSCSI Login Questions
    
    
    
    
    Julian:
    
    Is the following valid (taking into account the
    changes requested from the UNH Plugfest)?
    
    I: Login: AuthMethod:none SecurityContextComplete=Yes
    
    I would assume not, that the initiator must wait
    until after the initial exchange of the AuthMethod, HeaderDigest,
    and DataDigest keys to send the SecurityContextComplete
    key.
    +++ It is correct because either the target will answer with
    T->Login AuthMethod:none SecurityContextComplete=Yes (accept and perhaps
    goon)
    
    or it wil send a login reject and drop the connection
    
    +++++
    Also, if further simplification of the login process
    is desired, the working group might want to consider requiring
    the initiator to send the AuthMethod HeaderDigest and
    the DataDigest keys on the first login, so that the
    login sequence would always look like:
    
    I: Login:   AuthMethod=a1,a2,aN
                HeaderDigest=hd1,hd2,hdN
                DataDigest=dd1,dd2,ddN
    T: LoginPR: AuthMethod=a1
                HeaderDigest=hd1 DataDigest=dd1
    ...Authentication phase, if needed
    I: Text:    SecurityContextComplete=yes
    T: Text:    SecurityContextComplete=yes
    ...Operational Parameter Negotiating phase
    ...Full Feature Phase
    
    +++
    We will consider it
    +++
    
    Regards,
    Steve Senum
    
    
    
    


Home

Last updated: Tue Sep 04 01:04:15 2001
6315 messages in chronological order