SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: iSCSI: SecurityContextComplete without operational parameters



    > I believe the login process would be considerably simplified if it
    > were cleanly separated into two distinct subphases: the security
    > negotiation subphase, and the operational parameter subphase, with
    > a REQUIRED demarcation line (i.e., the SecurityContextComplete=yes
    > handshake) between them.
    
    I strongly agree with the thrust of Bob's suggestion here, but maybe
    not the details.
    
    Personally, I find the `SecurityContextComplete=' thing a bit of an
    irritant.  It doesn't not add any additional information to either
    end, it only reconfirms that both ends are in sync.  Every security
    handshake has an architected protocol where the completion is
    unambiguous to both ends, assuming the handshake has been properly
    implemented.  As such, the context complete message is something that
    the endpoints must check, but it's a really odd condition if you
    receive it when you're not expecting it.  The exception cases are
    either not getting the `ContextComplete' when you expect it, or
    getting `ContextComplete' prematurely.  Either alternative indicates
    an implementation bug.  Getting it prematurely is somewhat terrifying
    to contemplate :^)
    
    That said I think the login process should have little or NO branching
    complexity to it.  Put another way, a state machine processing login
    would be a single spine, with the only branching being for failure.
    
    The FCP `negotiation' (AKA PRLI) is the right way to go.  That is,
    EVERY parameter included in the request, and in the response.
    
    I also agree that having a strong demarcation between security
    exchange and operational parameter exchange is the right thing to do.
    To be fair, I believe that this demarcation is the intent of the spec
    even if it might not be well explained.
    
    If you wanted to apply the single spine principle to security and
    operational phases, you could stipulate that EVERY login have a
    security exchange, even if it leads to no security.  Personally,
    having a single branch in the login state machine (security ->
    operational or just operational) probably wouldn't make a big
    difference one way or the other.
    
    A key question here is what's our target round trip time?  I think a
    70 MS RTT is a generous target, in which case, I don't see a really
    compelling reason to try an optimize for a single round-trip exchange
    in the no security case.  However, maybe y'all think 1 S RTT is the
    target, in which case having the possibility of one round-trip login
    is a big improvement over a two-round trip login.  Of course, that one
    round-trip wouldn't get you security.
    
    Steph
    


Home

Last updated: Tue Sep 04 01:04:11 2001
6315 messages in chronological order