RE: iSCSI: Login Proposal

To: ietf-ips <ips@ece.cmu.edu>
Subject: RE: iSCSI: Login Proposal
From: "KRUEGER,MARJORIE (HP-Roseville,ex1)" <marjorie_krueger@hp.com>
Date: Wed, 22 Aug 2001 13:14:46 -0700
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu

I meant only to point out that it's the target that must dictate the
security environment, not the initiator.  The initiator is only
communicating a preference.  So yes, I agree with you, but Ron's comment was

> > 	I expect this to be under the control of the sys admin
> > through some kind of config at the initiator side. I think a
> > good guide to keep in mind with all this is that it is the
> > initiator's data, and so it seems reasonable to let the
> > initiator control connection security and integrity.

and I'm thinking it's the other way around.  The initiator has a role, but
it is the requestor of a service, not the "server" hence the target really
controls security.  Of course, ultimately, the system admin controls
everything, but we don't get to write his/her "protocol"  :-) 

Marjorie Krueger
Networked Storage Architecture
Networked Storage Solutions Org.
Hewlett-Packard
tel: +1 916 785 2656
fax: +1 916 785 0391
email: marjorie_krueger@hp.com 

> -----Original Message-----
> From: Wheat, Stephen R [mailto:stephen.r.wheat@intel.com]
> Sent: Wednesday, August 22, 2001 11:02 AM
> To: ietf-ips
> Subject: RE: iSCSI: Login Proposal
> 
> 
> Marjorie,
> 
> I agree with your premise that the target must be allowed to 
> not just let
> anyone in.
> 
> But why isn't this already covered by the ability of the sys admin to
> configure the target to only agree to certain offerings?  Quoting from
> 1.2.4, with my
> emphasis,
>    "The responding party answers with the first value from the list it
> supports and
>     is **allowed** to use for the specific initiator."
> 
> 
> For some network interfaces,
> the sys admin could rely upon physical security and other 
> means inherent to
> the
> environment.  In such cases, the admin could configure the 
> target to follow
> the
> initiator's preferences, including "none".
> 
> For other network interfaces where the environment is not inherently
> trusted,
> the sysadmin would be motivated to not allow the target to
> connect without any authentication; so they'd set it up to not accept
> "none", even
> though the initiator may prefer "none".
> 
> Yes?
> 
> Stephen
> 
> -----Original Message-----
> From: KRUEGER,MARJORIE (HP-Roseville,ex1)
> [mailto:marjorie_krueger@hp.com]
> Sent: Wednesday, August 22, 2001 10:47 AM
> To: 'Rod Harrison'; ietf-ips
> Subject: RE: iSCSI: Login Proposal
> 
> 
> I'm thinking a little differently regarding which party has 
> priority in
> chosing security parameters - while it *may* be the 
> initiators data, this
> can't be established until the initiator is authenticated.  
> Since the target
> is the "server" side, I think the burden is on the target to 
> ensure that
> this is the intended initiator.  Therefore, the target must 
> dictate the
> authentication method used, since it has the security 
> responsibility and the
> "contact point" for potentially malicious entities.  Consider 
> the example
> where an initiator was previously authenticated using 
> Kerberos, the session
> was ended, and a new session is requested by what appears to 
> be the same
> initiator, but the authmethod requested is now "none".  Looks pretty
> suspicious to me.  It seems to me like the target has the 
> responsibility of
> maintaining a consistent authmethod with all initiators that 
> access it,
> therefore the target MUST force the minimum level 
> authorization it requires
> or reject the login request.
> 
> Marjorie Krueger
> Networked Storage Architecture
> Networked Storage Solutions Org.
> Hewlett-Packard
> tel: +1 916 785 2656
> fax: +1 916 785 0391
> email: marjorie_krueger@hp.com 
> 
> > -----Original Message-----
> > From: Rod Harrison [mailto:rod.harrison@windriver.com]
> > Sent: Wednesday, August 22, 2001 4:58 AM
> > To: Wheat, Stephen R; 'Steve Senum'; ietf-ips
> > Subject: RE: iSCSI: Login Proposal
> > 
> > 
> > 
> > 	I think we should view this as the order indicates the
> > initiators preference and the target SHOULD pick the first
> > item from the list it supports. Note that SHOULD allows the
> > target to do something other than pick the first item it
> > supports if it has a good reason to do so, e.g. If it would
> > otherwise terminate the session. The initiator can always
> > terminate the session if it doesn't like what the target
> > chooses.
> > 
> > 	So, to extend your example, as an initiator if I didn't
> > want to do CHAP at all I would send ...
> > 
> > AuthMethod=none
> > 
> > 	if I preferred not to do CHAP but I could tolerate it I
> > would send ...
> > 
> > AuthMethod=none,CHAP
> > 
> > 	and if I would prefer CHAP I would send ...
> > 
> > AuthMethod=CHAP,none
> > 
> > 	I expect this to be under the control of the sys admin
> > through some kind of config at the initiator side. I think a
> > good guide to keep in mind with all this is that it is the
> > initiator's data, and so it seems reasonable to let the
> > initiator control connection security and integrity.
> > 
> > 	- Rod
> > 
>  
>

Follow-Ups:
- Re: iSCSI: Option Preference (was Login Proposal)
  - From: Steve Senum <ssenum@cisco.com>

Prev by Date: FW: draft-ietf-ips-fcovertcpip-05
Next by Date: RE: iSCSI CRC: A CRC-checking example
Prev by thread: RE: iSCSI: Login Proposal
Next by thread: Re: iSCSI: Option Preference (was Login Proposal)
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:03:56 2001
6315 messages in chronological order