Re: iSCSI: SecurityContextComplete without operational parameters
The new text will read:
If the initiator has been the last to complete the handshake it MUST
NOT start sending operational parameters that need to be protected
within the same text command; a text response including only
SecurityContextComplete=yes concludes the security sub-phase. Only
the following PDU exchange is protected by digests (if any).
If the target has been the last to complete the handshake, the initiator
can start the operational parameter negotiation with the next text command;
the security negotiation sub-phase ends with the target text response.
However, the target handshake concluding response MUST NOT include
operational parameters that need to be protected. Only the following PDU
exchange is protected by digests (if any).
Julo
"Eddy Quicksall" <EQuicksall@mediaone.net> on 24-07-2001 15:55:05
Please respond to "Eddy Quicksall" <EQuicksall@mediaone.net>
To: Julian Satran/Haifa/IBM@IBMIL
cc: ips@ece.cmu.edu
Subject: iSCSI: SecurityContextComplete without operational parameters
In section "4.2 iSCSI Security and Integrity Negotiation", it would be best
if the target is required to send SecurityContextComplete=yes without any
new operational parameters within the same PDU.
It makes coding cleaner because the initiator can have a simple send/receive
loop that pops out when security is complete. If operational parameters are
allowed with SecurityContextComplete=yes, the initiator's security module
must also have operational parameter code or it must set flags, leave
information in buffers, etc., that all create messy code.
The spec says:
If the initiator has been the last to complete the handshake it
MUST NOT start sending operational parameters within the same
text command.
How about if we say the same thing for the target? There shouldn't be any
harm because I suspect everyone is doing that anyway.
Comments?
Eddy_Quicksall@iVivity.com
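
Added example (not part of either message above, and not code from the iSCSI draft): an initiator-side receive loop of the kind described in the thread, which leaves the security sub-phase on SecurityContextComplete=yes and rejects a concluding target response that also carries other keys, since those would arrive before digests apply. Assumptions: text data is NUL-terminated key=value pairs, SECURITY_KEYS is an illustrative classification, the sample responses are constructed and abbreviated, and the check is the strict form proposed in the original message (no operational keys at all).

```python
# Added illustration; key classification and sample PDUs are constructed.
SECURITY_KEYS = {"SecurityContextComplete", "AuthMethod"}  # assumed set
DONE = ("SecurityContextComplete", "yes")

class ProtocolError(Exception):
    """Raised when a login text response violates the negotiation rules."""

def parse_text(data: bytes) -> list:
    """Split a text data segment into (key, value) pairs."""
    pairs = []
    for item in data.split(b"\x00"):
        if not item:
            continue  # trailing NUL or padding
        key, sep, value = item.decode("ascii").partition("=")
        if not sep or not key:
            raise ProtocolError(f"malformed pair: {item!r}")
        pairs.append((key, value))
    return pairs

def unprotected_operational_keys(pairs: list) -> list:
    """Non-security keys riding in a PDU that says SecurityContextComplete=yes."""
    if DONE not in pairs:
        return []
    return [k for k, _ in pairs if k not in SECURITY_KEYS]

def run_security_phase(responses: list) -> int:
    """Consume target responses until the security sub-phase ends.

    Returns the number of responses consumed; everything after that point
    belongs to operational negotiation and is handled by other code.
    """
    for count, data in enumerate(responses, start=1):
        pairs = parse_text(data)
        extra = unprotected_operational_keys(pairs)
        if extra:
            raise ProtocolError(f"operational keys in concluding PDU: {extra}")
        if DONE in pairs:
            return count
    raise ProtocolError("security sub-phase never completed")

# Constructed sample target responses (data segments only).
GOOD = [b"AuthMethod=CHAP\x00", b"SecurityContextComplete=yes\x00"]
BAD = [b"AuthMethod=CHAP\x00",
       b"SecurityContextComplete=yes\x00MaxConnections=4\x00"]
```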