
    RE: iSCSI: Login Proposal



    Good questions, Steve.
    
    Question 2 caused me to ponder the concept of key-value preferences.  I.e.,
    I suspect that the concept in the proposed login spec was to address that
    the initiator may prefer to not have any security digests, but might be able
    to negotiate them if the target insisted.
    
    I cannot find anywhere in the I-D that states that a recipient MUST consider
    key=v1,v2,v3 as the sender having preference of v1 over v2, and v2 over v3.
    Thus, I second Q2, but only if key values are to be interpreted in
    preferential order.  Thus, an initiator could send
    "DataDigest=none,crc32-c,SPKM", and the target's response MUST honor the
    preference order.
    
    So, Q4 is: should the values in a key-value list be considered the sender's
    preference order that the receiver must honor?
    
    Stephen
    
    -----Original Message-----
    From: Steve Senum [mailto:ssenum@cisco.com]
    Sent: Tuesday, August 21, 2001 1:14 PM
    To: ietf-ips
    Subject: Re: iSCSI: Login Proposal
    
    
    Matthew/Marjorie/Bob:
    
    Some questions on your login proposal:
    
    1. Why the following restriction?
    
        SecurityContextComplete=yes MUST NOT be present
        in the login command.
    
    I don't see the benefit in not allowing something like:
    
    I: AuthMethod:none
       HeaderDigest:crc-32c,none
       DataDigest:crc-32c,none
       SecurityContextComplete=yes
    T: AuthMethod:none
       HeaderDigest:crc-32c
       DataDigest:crc-32c
       SecurityContextComplete=yes
    
    2. In the following:
    
        If the login command does not contain security parameters
        the target MUST perform one of the two actions below:
    
        a) If the target requires security negotiation
           to be performed, then it MUST enter the security
           phase and MUST send a text response containing
           one or more security parameters and F=0.
    
        b)
    
    Is this really needed?  Why not simply require the
    initiator to offer security parameters if it supports them?
    I would hope authentication would become the typical case
    for login.
    
    3. Is there only one Login Response then (just asking)?
    
    Regards,
    Steve Senum
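
The two readings of a `key=v1,v2,v3` offer raised in Q4, as an added example that is not part of the original messages or of the I-D. The function names and the target's preference lists are constructed for illustration; only the `DataDigest=none,crc32-c,SPKM` offer comes from the message above.

```python
# Added illustration: two ways a receiver could resolve a key=v1,v2,v3 offer.
# Function names and the target preference lists are hypothetical.

def parse_offer(text):
    """Split 'Key=v1,v2,v3' into (key, [v1, v2, v3]), keeping the sender's order."""
    key, sep, values = text.partition("=")
    if not sep or not key.strip():
        raise ValueError(f"not a key=value pair: {text!r}")
    ordered = [v.strip() for v in values.split(",") if v.strip()]
    if not ordered:
        raise ValueError(f"empty value list for {key!r}")
    return key.strip(), ordered

def select_sender_order(offered, supported):
    """Receiver honors the sender's preference: first offered value it supports."""
    for value in offered:
        if value in supported:
            return value
    return None  # no common value, negotiation fails

def select_receiver_order(offered, receiver_pref):
    """Receiver treats the offer as an unordered set and applies its own ranking."""
    offered_set = set(offered)
    for value in receiver_pref:
        if value in offered_set:
            return value
    return None  # no common value, negotiation fails

def negotiate(offer_text, receiver_pref, honor_sender_order):
    """Return (key, chosen value or None) under the selected interpretation."""
    key, offered = parse_offer(offer_text)
    if honor_sender_order:
        chosen = select_sender_order(offered, set(receiver_pref))
    else:
        chosen = select_receiver_order(offered, receiver_pref)
    return key, chosen

if __name__ == "__main__":
    offer = "DataDigest=none,crc32-c,SPKM"  # offer quoted in the message above
    target_pref = ["crc32-c", "none"]        # constructed: target ranks crc32-c first
    # Sender order honored: the digest is dropped although both sides support it.
    print(negotiate(offer, target_pref, honor_sender_order=True))
    # Receiver order applied: the target's preferred digest wins.
    print(negotiate(offer, target_pref, honor_sender_order=False))
    # A target that insists on a digest leaves "none" out of what it accepts.
    print(negotiate(offer, ["crc32-c"], honor_sender_order=True))
```

Under the sender-ordered reading, a target that wants a digest cannot rely on ranking it first; it has to leave `none` out of the values it will accept.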
    
    



Last updated: Tue Feb 26 08:18:02 2002