|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI Login QuestionsJulian: If the sequences mentioned below are all valid, plus the trivial sequence: I-> Login I-> Login-PR where these are all followed by Operational Parameter negotiation, I have a concern. Since either side is allowed to initiate the SecurityContextComplete=yes handshake, I would think that either Initiator or Target would transition to the next phase too soon if one side thought the handshake was needed, and the other side didn't. The only way I see to keep this from happening is either: 1. Don't allow the SecurityContextComplete=yes handshake unless AuthMethod, HeaderDigest, or DataDigest keys have been offered. 2. Always require the SecurityContextComplete=yes handshake. Regards, Steve Senum Julian Satran wrote: > > Yes that is (in 07) a legitmate sequence. Julo > > Steve Senum <ssenum@cisco.com> on 26-07-2001 00:25:19 > > Please respond to Steve Senum <ssenum@cisco.com> > > To: ietf-ips <ips@ece.cmu.edu> > cc: > Subject: Re: iSCSI Login Questions > > Julian, > > Is it valid (under draft -07) to offer the > SecurityContextComplete key without the AuthMethod, > HeaderDigest or DataDigest keys having been offered? > > In other words, are the following sequences valid? > > Sequence 1: > > I-> Login SecurityContextComplete=yes > T-> Login-PR SecurityContextComplete=yes > > Sequence 2: > > I-> Login > T-> Login-PR SecurityContextComplete=yes > I-> Text SecurityContextComplete=yes > T-> Text SecurityContextComplete=yes > > Sequence 3: > > I-> Login > I-> Login-PR > I-> Text SecurityContextComplete=yes > T-> Text SecurityContextComplete=yes > > Thanks, > Steve Senum
Home Last updated: Tue Sep 04 01:04:11 2001 6315 messages in chronological order |