RE: iSCSI: Login Proposal

Steve,

The reason why it was decided to do this was twofold:

If the initiator does not want to negotiate security then it must not have any security parameters in the login command. Therefore SecurityContextComplete=yes is unnecessary.

If the initiator does want to enter into security as per your example, then it MUST not send SecurityContextComplete=yes as its security context is not yet built: Page 101 of 0.7 states that

QUOTE
-Every party in the security negotiation indicates that it has completed building its security context (has all the required information) by sending the key=value pair: SecurityContextComplete=yes
UNQUOTE

My understanding is that its security context is not yet built until it has received the security parameter replies from (in your example) the initiator.

Cheers

Matthew

-----Original Message-----
From: Steve Senum [mailto:ssenum@cisco.com]
Sent: Tuesday, August 21, 2001 9:14 PM
To: ietf-ips
Subject: Re: iSCSI: Login Proposal

Matthew/Marjorie/Bob:

Some questions on your login proposal:

1. Why the following restriction?

   SecurityContextComplete=yes MUST NOT be present in the login command.

   I don't see the benefit in not allowing something like:

   I: AuthMethod:none
      HeaderDigest:crc-32c,none
      DataDigest:crc-32c,none
      SecurityContextComplete=yes

   T: AuthMethod:none
      HeaderDigest:crc-32c
      DataDigest:crc-32c
      SecurityContextComplete=yes

2. In the following:

   If the login command does not contain security parameters the target MUST perform one of the two actions below:

   a) If the target requires security negotiation to be performed, then it MUST enter the security phase and MUST send a text response containing one or more security parameters and F=0.

   b)

   Is this really needed? Why not simply require the initiator to offer security parameters if it supports them? I would hope authentication would become the typical case for login.

3. Is there only one Login Response then (just asking)?

Regards,
Steve Senum
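
The login-command rules discussed in this thread, written out as a target-side check. This is an added example, not part of either message and not code from the iSCSI draft; the function names, the action labels and the set of keys treated as security parameters (taken from the I:/T: example above) are assumptions.

```python
import re

# Assumption: the keys from the example in the quoted message stand in for the
# draft's list of security parameters, which is not reproduced in this thread.
SECURITY_KEYS = {"AuthMethod", "HeaderDigest", "DataDigest"}
# The example above writes pairs both as key:value and as key=value.
PAIR = re.compile(r"^([A-Za-z][A-Za-z0-9]*)[=:](.+)$")

# Constructed input: the initiator (I:) side of the example in the quoted message.
STEVE_EXAMPLE_I = ("AuthMethod:none HeaderDigest:crc-32c,none "
                   "DataDigest:crc-32c,none SecurityContextComplete=yes")

def parse_pairs(text):
    """Parse whitespace-separated key=value / key:value pairs into a dict."""
    pairs = {}
    for token in text.split():
        m = PAIR.match(token)
        if m is None:
            raise ValueError("malformed pair: %r" % token)
        key, value = m.groups()
        if key in pairs:
            raise ValueError("duplicate key: %s" % key)
        pairs[key] = value
    return pairs

def check_login_command(text, target_requires_security):
    """Return (action, reason) for a target applying the proposal's rules."""
    pairs = parse_pairs(text)
    # Rule questioned in point 1: the login command itself must not claim a
    # completed security context.
    if pairs.get("SecurityContextComplete", "").lower() == "yes":
        return ("reject", "SecurityContextComplete=yes in login command")
    offered = pairs.keys() & SECURITY_KEYS
    if offered:
        # Per the reply: security parameters present means the initiator
        # wants to negotiate security.
        return ("security-phase", "initiator offered " + ",".join(sorted(offered)))
    if target_requires_security:
        # Case (a): target opens the security phase itself, with F=0.
        return ("security-phase", "target sends security parameters, F=0")
    # Case (b) is not quoted in this thread, so it is not implemented here.
    return ("not-covered", "case (b) of the proposal is not quoted here")

if __name__ == "__main__":
    print(check_login_command(STEVE_EXAMPLE_I, True))
```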