SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: iSCSI Login Questions



    Hi, Julian:
    
    I don't think "SecurityContextComplete=yes" should be used in the Login
    Command together with security parameters(as in Cases 1&3). 
    
    Draft 07,Clause 4.1 says:
    
    "-Every party in the security negotiation indicates that it has 
     completed building its security context (has all the required
    					      ^^^^^^^^^^^^^^^^^	 
     information) by sending the key=value pair: 
     ^^^^^^^^^^^           
          SecurityContextComplete=yes"
    
    When Login Command is sending out, the initiator has no idea how the
    target would response, how  could it "has all the required information"?
    In Case 1, the initiator limits the response from target by providing only
    one option for each parameter, so that it has a good guess of the
    response. However, "a text response including only
    SecurityContextComplete=yes concludes the security sub-phase" (page 101 in
    draft 7). The initiator still needs to send SecurityContextComplete=yes
    in the next Text Command and wait for a Text Response with
    SecurityContextComplete=yes only to end the security sub-phase. It is
    meaningless to include the SecurityContextComplete=yes so early in the
    Login Command.
      
    If both Cases 2 and 3 are correct, sending "SecurityContextComplete=yes"
    becomes optional and loses its value to be used. I also checked the "Login
    Phase Examples" in Appendix A and I did not find any example with
    "SecurityContextComplete=yes" in Login Command. Could you please give more
    explanations on this issue?
    
    Thanks.
    Qin 
     
      
               
    
    On Sat, 21 Jul 2001, Julian Satran wrote:
    
    > 
    > Steve,
    > 
    > All are correct.
    > 
    > Julo
    > 
    > Steve Senum <ssenum@cisco.com> on 20-07-2001 21:13:47
    > 
    > Please respond to Steve Senum <ssenum@cisco.com>
    > 
    > To:   ips@ece.cmu.edu
    > cc:
    > Subject:  Re: iSCSI Login Questions
    > 
    > 
    > 
    > 
    > Julian,
    > 
    > Thanks for the reply.
    > 
    > I have a few of more cases I would like to be sure of.
    > Please comment on whether you think the given sequence
    > is valid.
    > 
    > 
    > Case 1:
    > 
    > I-> Login    AuthMethod=none
    >              HeaderDigest=crc-32C
    >              DataDigest=crc-32C
    >              SecurityContextComplete=yes
    > T-> Login-PR AuthMethod=none
    >              HeaderDigest=crc-32C
    >              DataDigest=crc-32C
    >              SecurityContextComplete=yes
    > 
    > 
    > Case 2:
    > 
    > I-> Login    AuthMethod=none
    >              HeaderDigest=crc-32C,none
    >              DataDigest=crc-32C,none
    > T-> Login-PR AuthMethod=none
    >              HeaderDigest=crc-32C
    >              DataDigest=crc-32C
    >              SecurityContextComplete=yes
    > I-> Text     SecurityContextComplete=yes
    > T-> Text     SecurityContextComplete=yes
    > 
    > 
    > Case 3:
    > 
    > I-> Login    AuthMethod=none
    >              HeaderDigest=crc-32C,none
    >              DataDigest=crc-32C,none
    >              SecurityContextComplete=yes
    > T-> Login-PR AuthMethod=none
    >              HeaderDigest=crc-32C
    >              DataDigest=crc-32C
    >              SecurityContextComplete=yes
    > 
    > 
    > Thanks,
    > Steve Senum
    > 
    > 
    > 
    > 
    
    


Home

Last updated: Tue Sep 04 01:04:15 2001
6315 messages in chronological order