Re: iSCSI: SecurityContextComplete without operational parameters

Eddy,

I am working on it. Thanks for your patience,
Julo

"Eddy Quicksall" <ESQuicksall@hotmail.com> on 26-07-2001 19:17:58

Please respond to "Eddy Quicksall" <ESQuicksall@hotmail.com>

To: Julian Satran/Haifa/IBM@IBMIL
cc: ips@ece.cmu.edu
Subject: Re: iSCSI: SecurityContextComplete without operational parameters

Julian,

This thread seems to have gone a bit further than my original request. I
don't see an answer to the below. Can you please let me know?

Again, all I am asking is that both initiator and target have the same
rule. It seems simple and constructive to do so. I can rationalize it
again if you like.

Eddy

----- Original Message -----
From: "Eddy Quicksall" <ESQuicksall@hotmail.com>
To: "Julian Satran" <Julian_Satran@il.ibm.com>
Cc: <ips@ece.cmu.edu>
Sent: Wednesday, July 25, 2001 4:23 PM
Subject: Re: iSCSI: SecurityContextComplete without operational parameters

> I'm not sure we are talking the same thing. What I'm asking is that the
> target and initiator both have the same rule regarding the fact that "it
> MUST NOT start sending operational parameters within the same text
> command" when SecurityContextComplete=yes.
>
>     If the initiator has been the last to complete the handshake it
>     MUST NOT start sending operational parameters within the same
>     text command.
>
> Eddy
>
> ----- Original Message -----
> From: "Julian Satran" <Julian_Satran@il.ibm.com>
> To: <ips@ece.cmu.edu>
> Sent: Wednesday, July 25, 2001 2:49 AM
> Subject: Re: iSCSI: SecurityContextComplete without operational parameters
>
> > Eddy,
> >
> > I understood what you are asking but I don't necessarily agree.
> > Operational parameters are problematic if you want them exchanged in
> > a secure environment. If not you should be able to handle them as you
> > should be able to handle any set of parameters on the same PDU. The
> > need to keep them and perhaps reset them is part of the negotiation
> > process.
> >
> > Julo
> >
> > "Eddy Quicksall" <ESQuicksall@hotmail.com> on 24-07-2001 20:35:18
> >
> > Please respond to "Eddy Quicksall" <ESQuicksall@hotmail.com>
> >
> > To: Julian Satran/Haifa/IBM@IBMIL
> > cc: ips@ece.cmu.edu
> > Subject: Re: iSCSI: SecurityContextComplete without operational parameters
> >
> > What I was actually asking for is that the target would not send any
> > operational parameters in the same PDU as the SecurityContextComplete.
> > Rationalization given below.
> >
> > Eddy
> >
> > ----- Original Message -----
> > From: "Julian Satran" <Julian_Satran@il.ibm.com>
> > To: <ips@ece.cmu.edu>
> > Sent: Tuesday, July 24, 2001 10:08 AM
> > Subject: Re: iSCSI: SecurityContextComplete without operational parameters
> >
> > > the new text will read:
> > >
> > > If the initiator has been the last to complete the handshake it MUST
> > > NOT start sending operational parameters that need to be protected
> > > within the same text command; a text response including only
> > > SecurityContextComplete=yes concludes the security sub-phase. Only
> > > the following PDU exchange is protected by digests (if any).
> > >
> > > If the target has been the last to complete the handshake, the
> > > initiator can start the operational parameter negotiation with the
> > > next text command; the security negotiation sub-phase ends with the
> > > target text response. However, the target handshake concluding
> > > response MUST NOT include operational parameters that need to be
> > > protected. Only the following PDU exchange is protected by digests
> > > (if any).
> > >
> > > Julo
> > >
> > > "Eddy Quicksall" <EQuicksall@mediaone.net> on 24-07-2001 15:55:05
> > >
> > > Please respond to "Eddy Quicksall" <EQuicksall@mediaone.net>
> > >
> > > To: Julian Satran/Haifa/IBM@IBMIL
> > > cc: ips@ece.cmu.edu
> > > Subject: iSCSI: SecurityContextComplete without operational parameters
> > >
> > > In section "4.2 iSCSI Security and Integrity Negotiation", it would
> > > be best if the target is required to send
> > > SecurityContextComplete=yes without any new operational parameters
> > > within the same PDU.
> > >
> > > It makes coding cleaner because the initiator can have a simple
> > > send/receive loop that pops out when security is complete. If
> > > operational parameters are allowed with SecurityContextComplete=yes,
> > > the initiator's security module must also have operational parameter
> > > code or it must set flags, leave information in buffers, etc that
> > > all create messy code.
> > >
> > > The spec says:
> > >
> > >     If the initiator has been the last to complete the handshake it
> > >     MUST NOT start sending operational parameters within the same
> > >     text command.
> > >
> > > How about if we say the same thing for the target? There shouldn't
> > > be any harm because I suspect everyone is doing that anyway.
> > >
> > > Comments?
> > >
> > > Eddy_Quicksall@iVivity.com
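The rule debated in this thread, applied the same way to either side's PDU, as an added example (not code from any poster or from the iSCSI draft). It classifies one text PDU data segment so that a security module's send/receive loop can exit on a clean SecurityContextComplete=yes and reject a concluding PDU that also carries operational keys. Assumptions: the data segment is a run of NUL-terminated key=value pairs, every key outside the allowlist counts as operational, the allowlist entries other than SecurityContextComplete are illustrative, and all function and constant names are hypothetical.

```c
#include <string.h>

enum verdict { SEC_CONTINUE, SEC_COMPLETE, SEC_VIOLATION, SEC_MALFORMED };
/* Assumed security-phase keys (index 0 ends the sub-phase); all else is operational. */
static const char *const SECURITY_KEYS[] = {
    "SecurityContextComplete", "AuthMethod", "HeaderDigest", "DataDigest" };

static int security_key_index(const char *key, size_t len)
{
    for (size_t i = 0; i < sizeof SECURITY_KEYS / sizeof *SECURITY_KEYS; i++)
        if (strlen(SECURITY_KEYS[i]) == len && !memcmp(key, SECURITY_KEYS[i], len))
            return (int)i;
    return -1;
}

/* Classify one text PDU data segment made of NUL-terminated key=value pairs. */
enum verdict check_security_pdu(const char *buf, size_t len)
{
    int complete = 0, operational = 0;
    for (size_t pos = 0; pos < len; ) {
        const char *pair = buf + pos;
        const char *end = memchr(pair, '\0', len - pos);
        if (end == NULL)
            return SEC_MALFORMED;          /* last pair not terminated */
        pos = (size_t)(end - buf) + 1;
        if (end == pair)
            continue;                      /* empty pair: padding NUL */
        const char *eq = memchr(pair, '=', (size_t)(end - pair));
        if (eq == NULL || eq == pair)
            return SEC_MALFORMED;          /* missing '=' or empty key */
        int idx = security_key_index(pair, (size_t)(eq - pair));
        if (idx < 0)
            operational = 1;
        else if (idx == 0)
            complete = strcmp(eq + 1, "yes") == 0;
    }
    if (!complete)
        return SEC_CONTINUE;               /* stay in the security loop */
    return operational ? SEC_VIOLATION : SEC_COMPLETE;
}

/* Constructed sample segments; sizeof counts the literal's final NUL terminator. */
static const char PDU_CLEAN[] = "AuthMethod=none\0SecurityContextComplete=yes";
static const char PDU_MIXED[] = "SecurityContextComplete=yes\0MaxConnections=4";

int main(void)
{
    return !(check_security_pdu(PDU_CLEAN, sizeof PDU_CLEAN) == SEC_COMPLETE &&
             check_security_pdu(PDU_MIXED, sizeof PDU_MIXED) == SEC_VIOLATION);
}
```
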