|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI padding should be 0The security concern (as far as I can understand it) is leaking information from old buffers. Julo "Eddy Quicksall" <ESQuicksall@hotmail.com> on 30-07-2001 17:43:02 Please respond to "Eddy Quicksall" <ESQuicksall@hotmail.com> To: ips@ece.cmu.edu, Julian Satran/Haifa/IBM@IBMIL cc: Subject: Re: iSCSI padding should be 0 Software padding can be expensive if their is a requirement that the pad must be 0. I have given the reason below. BTW, where is the security problem? In an earlier EMAIL, I suggested a security issue but I gave a paranoid case. Do you have a simple security case? Eddy ----- Original Message ----- From: "Julian Satran" <Julian_Satran@il.ibm.com> To: <ips@ece.cmu.edu> Sent: Saturday, July 28, 2001 12:36 AM Subject: Re: iSCSI padding should be 0 > Is the software padding more expensive than checking if there is a CRC (or > any other digest)? > On the other hand CRCs don't require the bytes to be 0 they can be > arbitrary values. > The 0 was brought in to avoid "leakage" (security) by somebody on the list. > We can choose to revert to arbitrary and leave the burden of cleaning to > the applications for which security is a concern. > > Julo > > "Eddy Quicksall" <ESQuicksall@hotmail.com> on 27-07-2001 22:05:59 > > Please respond to "Eddy Quicksall" <ESQuicksall@hotmail.com> > > To: Julian Satran/Haifa/IBM@IBMIL > cc: "ips" <ips@ece.cmu.edu> > Subject: Re: iSCSI padding should be 0 > > > > > I saw one objection to this by Michael Fischer > [Michael_Fischer@adaptec.com]. He pointed out that if there is no CRC then > why require the padding to be 0. I agree with his point. > > The problem is with software only implementations ... if they use the > sockets send function and if they are sending from a ULP buffer and if the > data being sent needs padding, they will have to either copy to another > buffer or do an extra tiny send for the pad. > > So, my thinking is that we say: > > iSCSI PDUs are padded to an integer number of 4 byte words. If CRC is > being used, the padding MUST be 0. If CRC is not being used, the content of > the padding is unpredictable and irrelevent. > > What do you think? > > Eddy > ----- Original Message ----- > From: "Julian_Satran/Haifa/IBM%IBMIL" <julian_satran@il.ibm.com> > To: <eddy_quicksall@ivivity.com> > Cc: "ips" <ips@ece.cmu.edu> > Sent: Friday, July 27, 2001 11:45 AM > Subject: Re: iSCSI padding should be 0 > > > > > > Perhaps we should say MUST be sent as 0 and keep quiet about what the > > receiver should do (check for 0 - we don't want that). > > > > Thanks,Julo > > > > "Eddy Quicksall" <eddy_quicksall@ivivity.com> on 27-07-2001 18:18:33 > > > > Please respond to eddy_quicksall@ivivity.com > > > > To: Julian Satran/Haifa/IBM@IBMIL, ips@ece.cmu.edu > > cc: > > Subject: iSCSI padding should be 0 > > > > > > > > > > Julian, > > > > Section 2.1 says the padding should be 0. I guess that is correct because > > one may not use CRC and therefore may not want to set them to 0. Wouldn't > > it > > be better if section 2.1 was more specific and mentioned when they must > be > > 0 > > if there is a CRC. Also, I noticed at the UNH plug fest that at least one > > person thought "should" meant "must". Therefore, I don't think it should > > say > > "should" ... I think it should not mention the 0'ness unless there is a > CRC > > present. > > > > Also, > > > > transmission. Padding bytes, when presents in a segment covered > by > > a > > CRC, have to be set to 0 and are included in the CRC. > > > > should say "when present in". > > > > Eddy_Quicksall@iVivity.com > > > > > > > > > > > > > >
Home Last updated: Tue Sep 04 01:04:09 2001 6315 messages in chronological order |