SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: iSCSI Login Questions



    Julian,
    
    I don't think I was clear in my last message.
    My concern is not with the details of the
    handshake.  I think those are clearly specified
    in the current draft.
    
    My concern is under what conditions the handshake
    is done.
    
    By my current (perhaps wrong) understanding of
    draft -07, if AuthMethod, HeaderDigest, or DataDigest
    is offered in the opening login cmd/login rsp,
    then the handshake is a MUST.
    If AuthMethod, HeaderDigest and DataDigest
    are all not offered, then the handshake is a MAY.
    
    It is the second part (the MAY) of this I am having
    trouble with.  I believe it needs to be either
    a MUST (handshake all the time), or a MUST NOT
    (handshake not allowed if AuthMethod, HeaderDigest
    or DataDigest all not offered).
    
    Regards,
    Steve Senum
    
    
    Julian Satran wrote:
    > 
    > Steve,
    > 
    > The sequence was meant to end always with an I,T handshake. If T starts it
    > then we have a T,I,T exchange
    > This is what I suggest for the my new proposal too. Phase transition starts
    > always after a complete "instruction" (request response).
    > 
    > Julo
    > 
    > Steve Senum <ssenum@cisco.com> on 27-07-2001 02:35:41
    > 
    > Please respond to Steve Senum <ssenum@cisco.com>
    > 
    > To:   ips@ece.cmu.edu
    > cc:
    > Subject:  Re: iSCSI Login Questions
    > 
    > Julian:
    > 
    > If the sequences mentioned below are all valid,
    > plus the trivial sequence:
    > 
    > I-> Login
    > I-> Login-PR
    > 
    > where these are all followed by Operational
    > Parameter negotiation, I have a concern.
    > 
    > Since either side is allowed to initiate
    > the SecurityContextComplete=yes handshake,
    > I would think that either Initiator or Target
    > would transition to the next phase too soon
    > if one side thought the handshake was needed,
    > and the other side didn't.
    > 
    > The only way I see to keep this from happening
    > is either:
    > 
    > 1. Don't allow the SecurityContextComplete=yes handshake
    > unless AuthMethod, HeaderDigest, or DataDigest keys
    > have been offered.
    > 
    > 2. Always require the SecurityContextComplete=yes handshake.
    > 
    > Regards,
    > Steve Senum
    > 
    > Julian Satran wrote:
    > >
    > > Yes that is (in 07)  a legitmate sequence.  Julo
    > >
    > > Steve Senum <ssenum@cisco.com> on 26-07-2001 00:25:19
    > >
    > > Please respond to Steve Senum <ssenum@cisco.com>
    > >
    > > To:   ietf-ips <ips@ece.cmu.edu>
    > > cc:
    > > Subject:  Re: iSCSI Login Questions
    > >
    > > Julian,
    > >
    > > Is it valid (under draft -07) to offer the
    > > SecurityContextComplete key without the AuthMethod,
    > > HeaderDigest or DataDigest keys having been offered?
    > >
    > > In other words, are the following sequences valid?
    > >
    > > Sequence 1:
    > >
    > > I-> Login    SecurityContextComplete=yes
    > > T-> Login-PR SecurityContextComplete=yes
    > >
    > > Sequence 2:
    > >
    > > I-> Login
    > > T-> Login-PR SecurityContextComplete=yes
    > > I-> Text     SecurityContextComplete=yes
    > > T-> Text     SecurityContextComplete=yes
    > >
    > > Sequence 3:
    > >
    > > I-> Login
    > > I-> Login-PR
    > > I-> Text     SecurityContextComplete=yes
    > > T-> Text     SecurityContextComplete=yes
    > >
    > > Thanks,
    > > Steve Senum
    


Home

Last updated: Tue Sep 04 01:04:11 2001
6315 messages in chronological order