    Re: iSCSI: SecurityContextComplete without operational parameters



    What I was actually asking for is that the target would not send any
    operational parameters in the same PDU as the SecurityContextComplete.
    Rationalization given below.
    
    Eddy
    
    ----- Original Message -----
    From: "Julian Satran" <Julian_Satran@il.ibm.com>
    To: <ips@ece.cmu.edu>
    Sent: Tuesday, July 24, 2001 10:08 AM
    Subject: Re: iSCSI: SecurityContextComplete without operational parameters
    
    
    > the new text will read:
    >
    >       If the initiator has been the last to complete the handshake it MUST
    >       NOT start sending operational parameters that need to be protected
    >       within the same text command; a text response including only
    >       SecurityContextComplete=yes concludes the security sub-phase. Only
    >       the following PDU exchange is protected by digests (if any).
    >
    > If the target has been the last to complete the handshake, the initiator
    > can start the operational parameter negotiation with the next text command;
    > the security negotiation sub-phase ends with the target text response.
    > However, the target handshake concluding response MUST NOT include
    > operational parameters that need to be protected. Only the following PDU
    > exchange is protected by digests (if any).
    >
    > Julo
    >
    > "Eddy Quicksall" <EQuicksall@mediaone.net> on 24-07-2001 15:55:05
    >
    > Please respond to "Eddy Quicksall" <EQuicksall@mediaone.net>
    >
    > To:   Julian Satran/Haifa/IBM@IBMIL
    > cc:   ips@ece.cmu.edu
    > Subject:  iSCSI: SecurityContextComplete without operational parameters
    >
    >
    >
    >
    > In section "4.2 iSCSI Security and Integrity Negotiation", it would be best
    > if the target is required to send SecurityContextComplete=yes without any
    > new operational parameters within the same PDU.
    >
    > It makes coding cleaner because the initiator can have a simple send/receive
    > loop that pops out when security is complete. If operational parameters are
    > allowed with SecurityContextComplete=yes, the initiator's security module
    > must also have operational parameter code or it must set flags, leave
    > information in buffers, etc that all create messy code.
    >
    > The spec says:
    >
    >            If the initiator has been the last to complete the handshake it
    >            MUST NOT start sending operational parameters within the same
    >            text command.
    >
    > How about if we say the same thing for the target? There shouldn't be any
    > harm because I suspect everyone is doing that anyway.
    >
    > Comments?
    >
    >
    > Eddy_Quicksall@iVivity.com
    >
    >
    >
    >
    >
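
The initiator-side loop this thread argues for, as an added example that is not part of the original messages or of the iSCSI draft: it exits on a response holding only SecurityContextComplete=yes and rejects one that carries other keys alongside it. The helper names, the NUL-separated key=value framing, and the sample keys other than SecurityContextComplete are assumptions made for illustration.

```python
# Added example: helper names and sample PDUs are constructed for illustration.
SECURITY_DONE = ("SecurityContextComplete", "yes")


def parse_text_keys(data: bytes) -> list:
    """Split a text data segment into (key, value) pairs.

    Assumption: key=value pairs separated by NUL bytes; empty chunks
    (terminators, padding) are skipped.
    """
    pairs = []
    for chunk in data.split(b"\x00"):
        if not chunk:
            continue
        key, sep, value = chunk.partition(b"=")
        if not sep or not key:
            raise ValueError(f"malformed text key: {chunk!r}")
        pairs.append((key.decode("ascii"), value.decode("ascii")))
    return pairs


def concludes_security_phase(data: bytes) -> bool:
    """True when the response holds only SecurityContextComplete=yes.

    A response that mixes that key with anything else is rejected: those
    parameters would travel before digests apply to the exchange.
    """
    pairs = parse_text_keys(data)
    if SECURITY_DONE not in pairs:
        return False
    extra = [key for key, value in pairs if (key, value) != SECURITY_DONE]
    if extra:
        raise ValueError(f"parameters sent with SecurityContextComplete: {extra}")
    return True


def security_loop(responses):
    """Consume target responses until security concludes; return (count, keys seen)."""
    collected = []
    for count, data in enumerate(responses, start=1):
        if concludes_security_phase(data):
            return count, collected
        collected.extend(parse_text_keys(data))
    raise ConnectionError("target never sent SecurityContextComplete=yes")


# Constructed target responses; keys other than SecurityContextComplete are samples.
SAMPLE = [b"AuthMethod=CHAP\x00", b"SecurityContextComplete=yes\x00"]
```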
    


Last updated: Tue Sep 04 01:04:13 2001