Re: iSCSI Login Questions

[Steve Senum <ssenum@cisco.com>]

Julian:

If the sequences mentioned below are all valid,
plus the trivial sequence:

I-> Login
I-> Login-PR

where these are all followed by Operational
Parameter negotiation, I have a concern.

Since either side is allowed to initiate
the SecurityContextComplete=yes handshake,
I would think that either Initiator or Target
would transition to the next phase too soon
if one side thought the handshake was needed,
and the other side didn't.

The only way I see to keep this from happening
is either:

1. Don't allow the SecurityContextComplete=yes handshake
unless AuthMethod, HeaderDigest, or DataDigest keys
have been offered.

2. Always require the SecurityContextComplete=yes handshake.

Regards,
Steve Senum



Julian Satran wrote:
> 
> Yes that is (in 07)  a legitmate sequence.  Julo
> 
> Steve Senum <ssenum@cisco.com> on 26-07-2001 00:25:19
> 
> Please respond to Steve Senum <ssenum@cisco.com>
> 
> To:   ietf-ips <ips@ece.cmu.edu>
> cc:
> Subject:  Re: iSCSI Login Questions
> 
> Julian,
> 
> Is it valid (under draft -07) to offer the
> SecurityContextComplete key without the AuthMethod,
> HeaderDigest or DataDigest keys having been offered?
> 
> In other words, are the following sequences valid?
> 
> Sequence 1:
> 
> I-> Login    SecurityContextComplete=yes
> T-> Login-PR SecurityContextComplete=yes
> 
> Sequence 2:
> 
> I-> Login
> T-> Login-PR SecurityContextComplete=yes
> I-> Text     SecurityContextComplete=yes
> T-> Text     SecurityContextComplete=yes
> 
> Sequence 3:
> 
> I-> Login
> I-> Login-PR
> I-> Text     SecurityContextComplete=yes
> T-> Text     SecurityContextComplete=yes
> 
> Thanks,
> Steve Senum