Re: iSCSI: Option Preference (was Login Proposal)

[Steve Senum <ssenum@cisco.com>]

Not to try to beat this into the ground anymore
then already has been done, but...

Many months ago, when I first looked over
the iSCSI spec, I remember thinking it was
kind of odd for the side being authenticated
to control the possible options.  Other
protocols I have worked with would have the
side driving the authentication (i.e., the Target)
control this.

If the IPS group wants to stay with the
current target-really-controls-authentication
notion, we might want to go a step further,
and allow only the Target to send the AuthMethod
key out.

Just a thought,
Steve Senum

Sandeep Joshi wrote:
> 
> Steve,
> 
> That would be the initiator's preference...accept a "none"
> or drop the connection.
> 
> Marjorie's point is that conceptually user/IIN authentication
> would be controlled by the target (i.e. the server).
> 
> Once the endpoints are authenticated (e.g. by IPSec), then
> ITN/IIN authentication will be driven by the server (target)
> 
> This is analogous to a RAS scenario in ipsra,
> http://www.ietf.org/internet-drafts/draft-ietf-ipsra-reqmts-03.txt)
> ( umm..please dont extend this analogy too far :-) )
> 
> regards,
> -Sandeep