|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI Login QuestionsHi, Julian: I don't think "SecurityContextComplete=yes" should be used in the Login Command together with security parameters(as in Cases 1&3). Draft 07,Clause 4.1 says: "-Every party in the security negotiation indicates that it has completed building its security context (has all the required ^^^^^^^^^^^^^^^^^ information) by sending the key=value pair: ^^^^^^^^^^^ SecurityContextComplete=yes" When Login Command is sending out, the initiator has no idea how the target would response, how could it "has all the required information"? In Case 1, the initiator limits the response from target by providing only one option for each parameter, so that it has a good guess of the response. However, "a text response including only SecurityContextComplete=yes concludes the security sub-phase" (page 101 in draft 7). The initiator still needs to send SecurityContextComplete=yes in the next Text Command and wait for a Text Response with SecurityContextComplete=yes only to end the security sub-phase. It is meaningless to include the SecurityContextComplete=yes so early in the Login Command. If both Cases 2 and 3 are correct, sending "SecurityContextComplete=yes" becomes optional and loses its value to be used. I also checked the "Login Phase Examples" in Appendix A and I did not find any example with "SecurityContextComplete=yes" in Login Command. Could you please give more explanations on this issue? Thanks. Qin On Sat, 21 Jul 2001, Julian Satran wrote: > > Steve, > > All are correct. > > Julo > > Steve Senum <ssenum@cisco.com> on 20-07-2001 21:13:47 > > Please respond to Steve Senum <ssenum@cisco.com> > > To: ips@ece.cmu.edu > cc: > Subject: Re: iSCSI Login Questions > > > > > Julian, > > Thanks for the reply. > > I have a few of more cases I would like to be sure of. > Please comment on whether you think the given sequence > is valid. > > > Case 1: > > I-> Login AuthMethod=none > HeaderDigest=crc-32C > DataDigest=crc-32C > SecurityContextComplete=yes > T-> Login-PR AuthMethod=none > HeaderDigest=crc-32C > DataDigest=crc-32C > SecurityContextComplete=yes > > > Case 2: > > I-> Login AuthMethod=none > HeaderDigest=crc-32C,none > DataDigest=crc-32C,none > T-> Login-PR AuthMethod=none > HeaderDigest=crc-32C > DataDigest=crc-32C > SecurityContextComplete=yes > I-> Text SecurityContextComplete=yes > T-> Text SecurityContextComplete=yes > > > Case 3: > > I-> Login AuthMethod=none > HeaderDigest=crc-32C,none > DataDigest=crc-32C,none > SecurityContextComplete=yes > T-> Login-PR AuthMethod=none > HeaderDigest=crc-32C > DataDigest=crc-32C > SecurityContextComplete=yes > > > Thanks, > Steve Senum > > > >
Home Last updated: Tue Sep 04 01:04:15 2001 6315 messages in chronological order |