Re: iSCSI Login Questions

To: Julian Satran <Julian_Satran@il.ibm.com>
Subject: Re: iSCSI Login Questions
From: Qin Tao <qtao@cs.unh.edu>
Date: Sun, 22 Jul 2001 22:34:33 -0400 (EDT)
cc: ips@ece.cmu.edu
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <OF1072761D.E562D7DD-ONC2256A90.005767BC@telaviv.ibm.com>
Sender: owner-ips@ece.cmu.edu

Hi, Julian:

I don't think "SecurityContextComplete=yes" should be used in the Login
Command together with security parameters(as in Cases 1&3). 

Draft 07,Clause 4.1 says:

"-Every party in the security negotiation indicates that it has 
 completed building its security context (has all the required
					      ^^^^^^^^^^^^^^^^^	 
 information) by sending the key=value pair: 
 ^^^^^^^^^^^           
      SecurityContextComplete=yes"

When Login Command is sending out, the initiator has no idea how the
target would response, how  could it "has all the required information"?
In Case 1, the initiator limits the response from target by providing only
one option for each parameter, so that it has a good guess of the
response. However, "a text response including only
SecurityContextComplete=yes concludes the security sub-phase" (page 101 in
draft 7). The initiator still needs to send SecurityContextComplete=yes
in the next Text Command and wait for a Text Response with
SecurityContextComplete=yes only to end the security sub-phase. It is
meaningless to include the SecurityContextComplete=yes so early in the
Login Command.

If both Cases 2 and 3 are correct, sending "SecurityContextComplete=yes"
becomes optional and loses its value to be used. I also checked the "Login
Phase Examples" in Appendix A and I did not find any example with
"SecurityContextComplete=yes" in Login Command. Could you please give more
explanations on this issue?

Thanks.
Qin 

On Sat, 21 Jul 2001, Julian Satran wrote:

> 
> Steve,
> 
> All are correct.
> 
> Julo
> 
> Steve Senum <ssenum@cisco.com> on 20-07-2001 21:13:47
> 
> Please respond to Steve Senum <ssenum@cisco.com>
> 
> To:   ips@ece.cmu.edu
> cc:
> Subject:  Re: iSCSI Login Questions
> 
> 
> 
> 
> Julian,
> 
> Thanks for the reply.
> 
> I have a few of more cases I would like to be sure of.
> Please comment on whether you think the given sequence
> is valid.
> 
> 
> Case 1:
> 
> I-> Login    AuthMethod=none
>              HeaderDigest=crc-32C
>              DataDigest=crc-32C
>              SecurityContextComplete=yes
> T-> Login-PR AuthMethod=none
>              HeaderDigest=crc-32C
>              DataDigest=crc-32C
>              SecurityContextComplete=yes
> 
> 
> Case 2:
> 
> I-> Login    AuthMethod=none
>              HeaderDigest=crc-32C,none
>              DataDigest=crc-32C,none
> T-> Login-PR AuthMethod=none
>              HeaderDigest=crc-32C
>              DataDigest=crc-32C
>              SecurityContextComplete=yes
> I-> Text     SecurityContextComplete=yes
> T-> Text     SecurityContextComplete=yes
> 
> 
> Case 3:
> 
> I-> Login    AuthMethod=none
>              HeaderDigest=crc-32C,none
>              DataDigest=crc-32C,none
>              SecurityContextComplete=yes
> T-> Login-PR AuthMethod=none
>              HeaderDigest=crc-32C
>              DataDigest=crc-32C
>              SecurityContextComplete=yes
> 
> 
> Thanks,
> Steve Senum
> 
> 
> 
>

References:
- Re: iSCSI Login Questions
  - From: "Julian Satran" <Julian_Satran@il.ibm.com>

Prev by Date: Re: iSCSI state transitions
Next by Date: Re: iSCSI Login Questions
Prev by thread: Re: iSCSI Login Questions
Next by thread: Re: iSCSI Login Questions
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:04:15 2001
6315 messages in chronological order