RE: iSCSI: Login Proposal

To: "'Steve Senum'" <ssenum@cisco.com>, ietf-ips <ips@ece.cmu.edu>
Subject: RE: iSCSI: Login Proposal
From: "BURBRIDGE,MATTHEW (HP-UnitedKingdom,ex2)" <matthew_burbridge@hp.com>
Date: Wed, 22 Aug 2001 09:24:21 +0100
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu

Hi Steve,

I forgot to answer your latter two questions in my earlier email!

Comments within:-

Cheers

Matthew

-----Original Message-----
From: Steve Senum [mailto:ssenum@cisco.com]
Sent: Tuesday, August 21, 2001 9:14 PM
To: ietf-ips
Subject: Re: iSCSI: Login Proposal


Matthew/Marjorie/Bob:

Some questions on your login proposal:

1. Why the following restriction?

    SecurityContextComplete=yes MUST NOT be present
    in the login command.

I don't see the benefit in not allowing something like:

I: AuthMethod:none
   HeaderDigest:crc-32c,none
   DataDigest:crc-32c,none
   SecurityContextComplete=yes
T: AuthMethod:none
   HeaderDigest:crc-32c
   DataDigest:crc-32c
   SecurityContextComlete=yes

2. In the following:

    If the login command does not contain security parameters
    the target MUST perform one of the two actions below:

    a) If the target requires security negotiation
       to be performed, then it MUST enter the security
       phase and MUST send a text response containing
       one or more security parameters and F=0.

    b)

Is this really needed?  Why not simply require the
initiator to offer security parameters if it supports them?
I would hope authentication would become the typical case
for login.

MATTHEW: So I was maintaining flexibility here.  If an initiator prefers not
to negotiate security then why force it? Also, the login is faster if
neither side want to negotiate security.  I think the majority of people
would go for flexibility and provided that the procedure caters for all four
scenarios of either side wanting/not wanting security then the flexibility
should be present.  In other words, as long as the flexibility does not
cause interoperability problems and allows everyone to do what they want to
do then the flexibility should be there. I agree that the typical case would
be to include authentication but some people will always want to skip it.

3. Is there only one Login Reponse then (just asking)?

MATTHEW: yes.  In deriving the proposal we came to the conclusion that the
partial login response is unnecessary so we removed it.  Also, some
implementers have said that this makes the implementation easier as they
will always return a text response unless login is completed (successfully
or otherwise).

Regards,
Steve Senum

Prev by Date: RE: iSCSI: Login Proposal
Next by Date: iSCSI - Change - Login/Text commands with the binary stage code
Prev by thread: RE: iSCSI: Login Proposal
Next by thread: RE: iSCSI: Login Proposal
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:03:57 2001
6315 messages in chronological order