Re: iSCSI: SecurityContextComplete without operational parameters

To: ips@ece.cmu.edu
Subject: Re: iSCSI: SecurityContextComplete without operational parameters
From: "Julian Satran" <Julian_Satran@il.ibm.com>
Date: Tue, 24 Jul 2001 16:51:16 +0300
Content-type: text/plain; charset=us-ascii
Importance: Normal
Sender: owner-ips@ece.cmu.edu

OK

Julo

"Eddy Quicksall" <EQuicksall@mediaone.net> on 24-07-2001 15:55:05

Please respond to "Eddy Quicksall" <EQuicksall@mediaone.net>

To:   Julian Satran/Haifa/IBM@IBMIL
cc:   ips@ece.cmu.edu
Subject:  iSCSI: SecurityContextComplete without operational parameters




In section "4.2 iSCSI Security and Integrity Negotiation", it would be best
if the target is required to send SecurityContextComplete=yes without any
new operational parameters within the same PDU.

It makes coding cleaner because the initiator can have a simple
send/receive
loop that pops out when security is complete. If operational parameters are
allowed with SecurityContextComplete=yes, the initiator's security module
must also have operational parameter code or it must set flags, leave
information in buffers, etc that all create messy code.

The spec says:

           If the initiator has been the last to complete the handshake it
           MUST NOT start sending operational parameters within the same
           text command.

How about if we say the same thing for the target? There shouldn't be any
harm because I suspect everyone is doing that anyway.

Comments?


Eddy_Quicksall@iVivity.com

Prev by Date: Re: iSCSI: Concerns raised about ACA and denial of service conditions
Next by Date: RE: iSCSI draft-07 Padding
Prev by thread: iSCSI: SecurityContextComplete without operational parameters
Next by thread: Re: iSCSI: SecurityContextComplete without operational parameters
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:04:14 2001
6315 messages in chronological order