SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: iSCSI Login Questions



    Steve,
    
    The sequence was meant to end always with an I,T handshake. If T starts it
    then we have a T,I,T exchange
    This is what I suggest for the my new proposal too. Phase transition starts
    always after a complete "instruction" (request response).
    
    Julo
    
    
    
    Steve Senum <ssenum@cisco.com> on 27-07-2001 02:35:41
    
    Please respond to Steve Senum <ssenum@cisco.com>
    
    To:   ips@ece.cmu.edu
    cc:
    Subject:  Re: iSCSI Login Questions
    
    
    
    
    Julian:
    
    If the sequences mentioned below are all valid,
    plus the trivial sequence:
    
    I-> Login
    I-> Login-PR
    
    where these are all followed by Operational
    Parameter negotiation, I have a concern.
    
    Since either side is allowed to initiate
    the SecurityContextComplete=yes handshake,
    I would think that either Initiator or Target
    would transition to the next phase too soon
    if one side thought the handshake was needed,
    and the other side didn't.
    
    The only way I see to keep this from happening
    is either:
    
    1. Don't allow the SecurityContextComplete=yes handshake
    unless AuthMethod, HeaderDigest, or DataDigest keys
    have been offered.
    
    2. Always require the SecurityContextComplete=yes handshake.
    
    Regards,
    Steve Senum
    
    
    
    Julian Satran wrote:
    >
    > Yes that is (in 07)  a legitmate sequence.  Julo
    >
    > Steve Senum <ssenum@cisco.com> on 26-07-2001 00:25:19
    >
    > Please respond to Steve Senum <ssenum@cisco.com>
    >
    > To:   ietf-ips <ips@ece.cmu.edu>
    > cc:
    > Subject:  Re: iSCSI Login Questions
    >
    > Julian,
    >
    > Is it valid (under draft -07) to offer the
    > SecurityContextComplete key without the AuthMethod,
    > HeaderDigest or DataDigest keys having been offered?
    >
    > In other words, are the following sequences valid?
    >
    > Sequence 1:
    >
    > I-> Login    SecurityContextComplete=yes
    > T-> Login-PR SecurityContextComplete=yes
    >
    > Sequence 2:
    >
    > I-> Login
    > T-> Login-PR SecurityContextComplete=yes
    > I-> Text     SecurityContextComplete=yes
    > T-> Text     SecurityContextComplete=yes
    >
    > Sequence 3:
    >
    > I-> Login
    > I-> Login-PR
    > I-> Text     SecurityContextComplete=yes
    > T-> Text     SecurityContextComplete=yes
    >
    > Thanks,
    > Steve Senum
    
    
    
    


Home

Last updated: Tue Sep 04 01:04:11 2001
6315 messages in chronological order