SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: Security in iSCSI



    Julian,
    
    > I am certainly not confusing issues.  Removing cryptographic 
    > digests was never a consensus call thing.
    
    Between the Orlando and Nashua interim meetings and the following
    email excerpt from you (my mailer says 8/2/2001 3:14am), I thought
    we had not only WG consensus, but your agreement to remove these
    in favor of using ESP:
    
    > (2) The KRB5 and SPKM inband cryptographic integrity
    > digests on p.136 seem to be relics of a prior inband
    > approach to security.  Has anyone implemented them?
    > Does anyone want them to remain?  Can we just delete
    > them?
    > 
    > +++ Yes - I think we can take them out although UMAC may
    > get-in at some point :-) +++
    
    I'm reasonably certain that WG rough consensus exists to
    remove these digests, specifically the following text from -07:
    
            Implementations MAY also negotiate digests with security
    significance 
            for data authentication and integrity as detailed in the following 
            table: 
              
            +-------------------------------------------------------------+ 
            | Name          | Description                   | Definition  | 
            +-------------------------------------------------------------+ 
            | KRB5_MD5      | the SGN_CKSUM field (8 bytes) | RFC1964     | 
            |               | of the GSS_GetMIC() token in  |             | 
            |               | GSS_KRB5_INTEG_C_QOP_MD5 QOP  |             | 
            |               | (partial MD5 ("MD2.5") )      |             | 
            +-------------------------------------------------------------+ 
            | KRB5_DES_MD5  | the SGN_CKSUM field (8 bytes) | RFC1964     | 
            |               | of the GSS_GetMIC() token in  |             | 
            |               | GSS_KRB5_INTEG_C_QOP_DES_MD5  |             | 
            |               | QOP (DES MAC of MD5)          |             | 
            +-------------------------------------------------------------+ 
            | KRB5_DES_MAC  | the SGN_CKSUM field (8 bytes) | RFC1964     | 
            |               | of the GSS_GetMIC() token in  |             | 
            |               | GSS_KRB5_INTEG_C_QOP_ DES_MAC |             | 
            |               | QOP (DES MAC)                 |             | 
            +-------------------------------------------------------------+ 
            | SPKM          | the int-cksum field of the    | RFC2025     | 
            |               | SPKM-MIC token, calculated    |             | 
            |               | without the optional int-alg  |             | 
            |               | and snd-seq fields of the     |             | 
            |               | mic-header (i.e., the default |             | 
            |               | I-ALG is used, and sequencing |             |   
            |               | service is not used).         |             | 
            +-------------------------------------------------------------+ 
             
            Note: the KRB5_* digests are allowed only when combined with KRB5 
            authentication method (see below) (i.e., the initiator may offer one
    
            of these digests only if it also offers KRB5 as AuthMethod, and the 
            target may respond with one of these digests only if it also
    responds 
            with KRB5 as the AuthMethod). Similarly, the SPKM digest is allowed 
            only when combined with SPKM-1 or SPKM-2 authentication methods (see
    
            below). 
             
            Other and proprietary algorithms MAY also be negotiated. 
            The none value is the only one that MUST be supported.
    
    If necessary, I'm prepared to call consensus over your objection, as
    there were no other comments on the list about this issue.  Keeping
    these digests will only serve to confuse people (e.g., Howard reached
    a basically incorrect conclusion about the current iSCSI security
    direction), and the set of folks whom we may confuse includes those
    with the ability to greatly complicate our efforts to get iSCSI
    security specified.
    
    FWIW, all three of the Kerberos digests are based on DES, and hence
    rather weak from a cryptographic standpoint, and given that we're
    starting from scratch here, SHA-1 is preferable to MD5.
    
    I really think that text needs to come out.
    
    Thanks,
    --David
    
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
    black_david@emc.com       Mobile: +1 (978) 394-7754
    ---------------------------------------------------
    


Home

Last updated: Tue Sep 04 01:03:56 2001
6315 messages in chronological order