SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: iSCSI - Change - Login/Text commands with the binary stage code



    
    Steve,
    
    my comments in text - Julo
    
    
    
    Steve Senum <ssenum@cisco.com>@ece.cmu.edu on 25-08-2001 01:54:47
    
    Please respond to Steve Senum <ssenum@cisco.com>
    
    Sent by:  owner-ips@ece.cmu.edu
    
    
    To:   ietf-ips <ips@ece.cmu.edu>
    cc:
    Subject:  Re: iSCSI - Change - Login/Text commands with the binary stage
          code
    
    
    
    Hi Julian,
    
    A have two questions on your proposal with respect to the
    new CNxSG field.
    
    1. In the section:
    
    >    Stage transition is performed through a command exchange
    >    (request/response) carrying the F bit and the same current stage code.
    >    During this exchange, the next stage selected is the lower of the two
    >    next stage codes.  The initiator can request a transition whenever it
    is
    >    ready but a target can respond with a transition only after it is
    >    offered one by the initiator.
    
    I assume from this that the target must always return the
    same "current stage" as the initiator, so there is no
    way for the stages to go backwards (which is fine with me).
    
    +++ that is correct. Stages can't go backwards +++
    
    2. In the section:
    
    >    If the initiator is willing no negotiate security but it is unwilling
    to
    >    make the initial parameter offer and may accept a connection without
    >    security it issues the Login with the F bit set to 1, the CNxSG set to
    >    SecurityNegotiation in the current stage and
    LoginOperationalNegotiation
    >    in the next stage. If the target is also ready to forego security the
    >    Login response is empty and has F bit is set to 1 and the CNxSG set to
    >    SecurityNegotiation in the current stage and
    LoginOperationalNegotiation
    >    in the next stage.
    
    So, if the initiator opens with:
    
    I-> Login (CNxSG=0,1 F=1)
    
    And the target responds with:
    
    T-> Login-PR (CNxSG=0,1 F=0) AuthMethod=CHAP
    
    And the initiator responds with:
    
    I-> Text (CNxSG=0,1 F=0) AuthMethod=CHAP
    
    The target should respond with a blank text message?
    
    T-> Text (CNxSG=0,1 F=0)
    
    Since all of the AuthMethods in Appendix A specify
    that the initiator MUST start the authentication sequence
    (which is fine with me).
    ++++ that is a correct sequence but the initiator could as well start the
    parameters on the same PDU it is acking the use of CHAP like:
    
    I-> Text (CNxSG=0,1 F=0) AuthMethod=CHAP A=<A1,A2...>
    
    True the sequences are not symmetric as we decided early on that the target
    has to reject and say why while the initiator will drop connections.
    
    +++++
    Regards,
    Steve Senum
    
    
    
    


Home

Last updated: Tue Sep 04 01:03:54 2001
6315 messages in chronological order