|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI login phasing> The security purists will object (with good reason) to the names being > disclosed before security is established > when they are not needed for security. > > Mandating always 2 phases is wastefull for those cases in which the > security negotiation is in fact bypassed. > > Stating the phase explicitly solves both those problems. > > Julo Julian: 1. Requiring the InitiatorName and TargetName keys on the login is independent of whether the phase is stated explicitly. a) If the phase is explicitly stated, we could still mandate that these keys always be required in the security phase. This makes your proposal identical to mine with respect to this issue. b) If the phase is not explicitly stated, we could drop the mandate that these keys always be required. This makes my proposal identical to yours with respect to this issue. As you state, security purists would argue that these keys not be required before security is established. Fine, but that does not argue either for or against your new proposal to explicitly state the phase. 2. Your new proposal to require a handshake at the end of both the security phase and the operational phase can also be considered wasteful, because now it will require two handshakes when both security and operational parameters are to be negotiated, whereas only one handshake is required in my approach. To compare the two approaches: a) No security, no operational: New proposal - no handshakes (if this is legal, see below) Previous proposal - 1 handshake b) Security, no operational: New proposal - 1 handshake Previous proposal - 1 handshake c) No security, operational: New proposal - 1 handshake Previous proposal - 1 handshake d) Security, operational New proposal - 2 handshakes Previous proposal - 1 handshake So which is more wasteful -- your new proposal that requires 2 handshakes in case d, or my previous proposal that requires 1 handshake in case a? Note also that my previous proposal always required exactly 1 handshake, wherease your new proposal has a varying number, depending on the context. 3. I do not believe the new proposal solves either problem, nor do I believe it simplifies anything. Attached is an ASCII text file containing the state diagram of the target for your new proposal as I interpret it, and I would welcome your comments/corrections to it, as I may not be interpreting it correctly. If my interpretation of your new proposal is correct, then your target requires 7 states and 14 transitions, instead of 5 states and 7 transitions in my previous target state diagram. Clearly the previous target is simpler by the measure of the number of states and/or the number of transitions. I have not had time to produce a detailed diagram for the initiator, but your proposal does not seem to either add or delete states from my previous initiator state diagram. To make this new diagram easier to compare with my previous diagram for the target, I labeled the new states T6 and T7, and the new transitions Z8 through Z14. If this new proposal is accepted, I would certainly relabel the states and transitions to be easier to follow. In his e-mail of 27-July Steve Senum asked 2 questions, which I repeat here: 1. Is the Initiator required to start with either a SecurityPhase=start or an OperationalPhase=start on the initial login command? 2. If the Initiator started with OperationalPhase=start, does the target have any way to force a SecurityPhase=start? In your reply of 28-July you did not answer either question directly, so I am assuming that the answer to both questions is No. Is this a correct assumption? If this is not true for question 1, (i.e., if the login must contain either SecurityPhase=start or OperationalPhase=start), then just eliminate the transition labeled Z9 in my new diagram. If this is not true for question 2, (i.e., if the target can force SecurityPhase=start), then there will be a need to add additional states and/or transitions to the new diagram. One final point about simplification -- your new proposal requires the addition of 4 new key-value pairs (SecurityPhase=start, SecurityPhase=end, OperationalPhase=start, OperationalPhase=end) and the elimination of 1 existing key-value pair (SecurityContextComplete=yes). My proposal keeps the SecurityContextComplete=yes key, and introduces no new keys. (I believe the OpParmReset key would be eliminated in both proposals.) Which is simpler and by what measure? Clearly there is a direct cost to your proposal in terms of added states and transitions. Comments please. Bob Russell InterOperability Lab University of New Hampshire rdr@iol.unh.edu 603-862-3774 Login Phase Processing for an iSCSI Target Based on the proposal by Julian Satran in his e-mail of 27-July The target has 7 states: T1: Await Login T2: Negotiate Security T3: Leave Security T6: Await Continuation T4: Negotiate Operational T7: Leave Operational T5: Full Feature Phase There are 14 allowed transitions: From \ To-> T1 | T2 | T3 | T4 | T5 | T6 | T7 | ------\---+--------+-------+-------+-------+-------+-------+-------+ T1 | | Z1 | | Z8 | Z9 | | Z10 | -------+--------+-------+-------+-------+-------+-------+-------+ T2 | | Z2 | Z3 | | | Z4 | | -------+--------+-------+-------+-------+-------+-------+-------+ T3 | | | | | | Z5 | | -------+--------+-------+-------+-------+-------+-------+-------+ T6 | | | | Z11 | Z12 | | Z13 | -------+--------+-------+-------+-------+-------+-------+-------+ T4 | | | | | | | Z14 | -------+--------+-------+-------+-------+-------+-------+-------+ T7 | | | | Z6 | Z7 | | | -------+--------+-------+-------+-------+-------+-------+-------+ T5 | | | | | | | | -------+--------+-------+-------+-------+-------+-------+-------+ Initial state: T1 - entered when Target successfully accepts a TCP connection with an initiator Final state: T5 - a transition into this state enters Full Feature Phase Transitions: Z1: Taken when: Target receives Login Command from initiator with F=0, with SecurityPhase=start, optionally with SessionType=Normal key, and with security keys offered by initiator Action: Send Login Response with F=0 and with status=0x0001 or 0x0002 as appropriate and with replies to security keys offered by initiator and with any additional security keys to offer to initiator Z2: Taken when: Target receives Text Command from initiator with F=0, with any replies to security keys offered on Z1 or Z2, and with any security keys offered by initiator, and possibly with SecurityPhase=end key and Target wants to offer additional security keys to initiator that require a reply from initiator Action: Send Text Response with F=0 and with any replies to security keys offered by initiator and with any additional security keys to offer to initiator Z3: Taken when: Target receives Text Command from initiator with F=0, with any replies to security keys offered on Z1 or Z2, and with any security keys offered by initiator and Target does not want to offer additional security keys to initiator that require a reply from initiator Action: Send Text Response with F=0 and with any replies to security keys offered by initiator and with any additional security keys to offer to initiator and with SecurityPhase=end Z4: Taken when: Target receives Text Command from initiator with F=0, with any replies to security keys offered on Z1 or Z2, and with any security keys offered by initiator and with SecurityPhase=end and Target does not need to reply to security keys from initiator and Target does not want to offer additional security keys to initiator Action: 1. Send Text Response with F=0 and with SecurityPhase=end as only key 2. Put all negotiated security measures into effect Z5: Taken when: Target receives Text Command from initiator with F=0 and with SecurityPhase=end as only key Action: Same as actions on Z4 Z6: Taken when: Target receives Text Command from initiator with F=1, with any replies to operational keys target offered on Z14, and with any operational keys offered by initiator and Target wants to offer additional operational keys that require a reply from initiator Action: Send Text Response with F=0 and with any replies to operational keys offered by initiator and with all additional operational keys to offer to initiator Z7: Taken when: Target receives Text Command from initiator with F=1, with any replies to operational keys target offered on Z12 or Z14, with any operational keys offered by initiator that do not require a reply from target, and with OperationalPhase=end key and Target does not want to offer additional operational keys that require a reply from initiator Action: Send Login Response with F=1 and with status=0x0000 and with OperationalPhase=end as only key Z8: Taken when: Target receives Login Command from initiator with F=0, with OperationalPhase=start, and with any operational keys offered by initiator and Target wants to offer additional operational keys that require a reply from initiator Action: Send Login Response with F=0 and with status=0x0001 or 0x0002 as appropriate and with any replies to operational keys offered by initiator and with all additional operational keys to offer to initiator Z9: Taken when: Target receives Login Command from initiator with F=1, and no security or operational keys offered by initiator and Target does not want to offer additional operational keys that require a reply from initiator Action: Send Login Response with F=1 and with status=0x0000 and with only informational keys to offer to initiator Z10:Taken when: Target receives Login Command from initiator with F=0, with OperationalPhase=start, and with any operational keys offered by initiator and Target does not want to offer additional operational keys that require a reply from initiator Action: Send Login Response with F=0 and with status=0x0001 or 0x0002 as appropriate and with any replies to operational keys offered by initiator and with all additional operational keys to offer to initiator (that do not require a reply from initiator) and with OperationalPhase=end Z11:Taken when: Target receives Text Command from initiator with F=0, with OperationalPhase=start, and with any operational keys offered by initiator and Target wants to offer additional operational keys that require a reply from initiator Action: Same as action on Z6 Z12:Taken when: Target receives Text Command from initiator with F=1, and no operational keys offered by initiator Action: Send Login Response with F=1 and with status=0x0000 and with only informational keys to offer to initiator Z13:Taken when: Target receives Text Command from initiator with F=0, with OperationalPhase=start, and with any operational keys offered by initiator and Target does not want to offer additional operational keys that require a reply from initiator Action: Send Text Response with F= 0 and with any replies to operational keys offered by initiator and with all additional operational keys to offer to initiator (that do not require a reply from initiator) and with OperationalPhase=end Z14:Taken when: Target receives Text Command from initiator with F=0, with replies to operational keys offered in Z6 or Z11, and with any operational keys offered by initiator and Target does not want to offer additional operational keys that require a reply from initiator Action: Same as action on Z13
Home Last updated: Tue Sep 04 01:04:08 2001 6315 messages in chronological order |