Re: iSCSI Login Questions

Julian,

I don't think I was clear in my last message.

My concern is not with the details of the handshake. I think those are clearly specified in the current draft.

My concern is under what conditions the handshake is done.

By my current (perhaps wrong) understanding of draft -07, if AuthMethod, HeaderDigest, or DataDigest is offered in the opening login cmd/login rsp, then the handshake is a MUST. If AuthMethod, HeaderDigest and DataDigest are all not offered, then the handshake is a MAY.

It is the second part (the MAY) of this I am having trouble with. I believe it needs to be either a MUST (handshake all the time), or a MUST NOT (handshake not allowed if AuthMethod, HeaderDigest or DataDigest all not offered).

Regards,
Steve Senum

Julian Satran wrote:
>
> Steve,
>
> The sequence was meant to end always with an I,T handshake. If T starts it
> then we have a T,I,T exchange
> This is what I suggest for my new proposal too. Phase transition starts
> always after a complete "instruction" (request response).
>
> Julo
>
> Steve Senum <ssenum@cisco.com> on 27-07-2001 02:35:41
>
> Please respond to Steve Senum <ssenum@cisco.com>
>
> To: ips@ece.cmu.edu
> cc:
> Subject: Re: iSCSI Login Questions
>
> Julian:
>
> If the sequences mentioned below are all valid,
> plus the trivial sequence:
>
> I-> Login
> I-> Login-PR
>
> where these are all followed by Operational
> Parameter negotiation, I have a concern.
>
> Since either side is allowed to initiate
> the SecurityContextComplete=yes handshake,
> I would think that either Initiator or Target
> would transition to the next phase too soon
> if one side thought the handshake was needed,
> and the other side didn't.
>
> The only way I see to keep this from happening
> is either:
>
> 1. Don't allow the SecurityContextComplete=yes handshake
> unless AuthMethod, HeaderDigest, or DataDigest keys
> have been offered.
>
> 2. Always require the SecurityContextComplete=yes handshake.
>
> Regards,
> Steve Senum
>
> Julian Satran wrote:
> >
> > Yes that is (in 07) a legitimate sequence. Julo
> >
> > Steve Senum <ssenum@cisco.com> on 26-07-2001 00:25:19
> >
> > Please respond to Steve Senum <ssenum@cisco.com>
> >
> > To: ietf-ips <ips@ece.cmu.edu>
> > cc:
> > Subject: Re: iSCSI Login Questions
> >
> > Julian,
> >
> > Is it valid (under draft -07) to offer the
> > SecurityContextComplete key without the AuthMethod,
> > HeaderDigest or DataDigest keys having been offered?
> >
> > In other words, are the following sequences valid?
> >
> > Sequence 1:
> >
> > I-> Login SecurityContextComplete=yes
> > T-> Login-PR SecurityContextComplete=yes
> >
> > Sequence 2:
> >
> > I-> Login
> > T-> Login-PR SecurityContextComplete=yes
> > I-> Text SecurityContextComplete=yes
> > T-> Text SecurityContextComplete=yes
> >
> > Sequence 3:
> >
> > I-> Login
> > I-> Login-PR
> > I-> Text SecurityContextComplete=yes
> > T-> Text SecurityContextComplete=yes
> >
> > Thanks,
> > Steve Senum
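
The phase-transition concern raised in this thread, as a simplified model added here (it is not part of the original messages or of the iSCSI draft). It enumerates what each side does after a Login / Login-PR exchange under the MAY reading and under the two proposed alternatives; the names `Rule`, `handshake_expected`, `phases_after_login` and `desynchronized`, and the phase labels, are assumptions made for illustration.

```python
from enum import Enum

# Keys that, per the thread's reading of draft -07, make the handshake a MUST.
SECURITY_KEYS = {"AuthMethod", "HeaderDigest", "DataDigest"}

class Rule(Enum):
    MAY = "may"            # reading of draft -07 discussed in the thread
    MUST = "must"          # proposed option 2: always handshake
    MUST_NOT = "must_not"  # proposed option 1: no handshake without security keys

def handshake_expected(rule, offered_keys, local_preference):
    """True if this side waits for SecurityContextComplete=yes before moving on."""
    if SECURITY_KEYS & set(offered_keys):
        return True                # a security key was offered: handshake is a MUST
    if rule is Rule.MUST:
        return True
    if rule is Rule.MUST_NOT:
        return False
    return local_preference        # MAY: each implementation decides for itself

def phases_after_login(rule, offered_keys, initiator_pref, target_pref):
    """Phase each side believes it is in right after Login / Login-PR."""
    def phase(expects):
        return "security" if expects else "operational"
    return (phase(handshake_expected(rule, offered_keys, initiator_pref)),
            phase(handshake_expected(rule, offered_keys, target_pref)))

def desynchronized(rule, offered_keys):
    """(initiator_pref, target_pref) pairs that leave the two sides in different phases."""
    bad = []
    for i_pref in (False, True):
        for t_pref in (False, True):
            i_phase, t_phase = phases_after_login(rule, offered_keys, i_pref, t_pref)
            if i_phase != t_phase:
                bad.append((i_pref, t_pref))
    return bad

if __name__ == "__main__":
    for rule in Rule:
        print(rule.name, "with no security keys offered:", desynchronized(rule, []))
    print("MAY with AuthMethod offered:", desynchronized(Rule.MAY, ["AuthMethod"]))
```

Only the MAY rule with no security keys offered yields mismatched pairs: one side is already in operational parameter negotiation while the other still waits for the handshake.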
Last updated: Tue Sep 04 01:04:11 2001