SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: iSCSI: Public Key Method



    
    Joshua,
    what is the value of the time stamp in SPKM-2?  Does it make it more
    secure, or flexible or ????
    If you had to chose one (either SPKM-1 or SPKM-2), which one would you
    chose and why?
    What would be the down side to that choice?
    
    .
    .
    .
    John L. Hufferd
    Senior Technical Staff Member (STSM)
    IBM/SSG San Jose Ca
    Main Office (408) 256-0403, Tie: 276-0403,  eFax: (408) 904-4688
    Home Office (408) 997-6136
    Internet address: hufferd@us.ibm.com
    
    
    Joshua Tseng <jtseng@NishanSystems.com>@ece.cmu.edu on 08/31/2001 07:21:11
    PM
    
    Sent by:  owner-ips@ece.cmu.edu
    
    
    To:   ips@ece.cmu.edu
    cc:
    Subject:  iSCSI: Public Key Method
    
    
    
    This message is in response to the action item David Black gave me
    at the Interim meeting to investigate the need for a Public Key Method
    for iSCSI.
    
    My recommendation is that if we include the Kerberos method in iSCSI,
    then we should also include at least one Public Key Method as well.
    I don't see any problem with using SPKM-1 and SPKM-2.  The only
    difference between them is that SPKM-2 includes a timestamp.
    
    Although Kerberos has been in use for a longer period of time,
    public key offers significant scaling advantages.  It is also widely
    recognized as the next-generation key distribution method, and
    I believe iSCSI should not leave it out.
    
    Some of the key advantages of public key:
    
    1)  Key distribution does not require a secure communication
    channel between the communicating principals and the key distribution
    authority.  Public keys can be distributed in the clear.  On the
    other hand, Kerberos requires an additional set of security associations
    between the Kerberos server and every principal, or manual distribution
    and configuration of keys, which can be an administrative nightmare.
    
    2)  In Public Key, there is no single point of failure as there is
    with a Kerberos Server.  If the Kerberos Server is wiped out in
    a DOS attack, no one can access its keys, and no one can talk securely.
    Also, if the contents of the Kerberos Server is compromised, anyone
    can be impersonated.  On the other hand, if the CA is wiped out,
    holders of public keys can still continue to function.  Furthermore,
    CA's can be distributed, making them resilient to attacks.
    
    3)  In Public Key, there is no single physical location or device
    in the network that can be considered a performance bottleneck.
    This is another reason why Public Key is far more scalable than
    Kerberos.
    
    4)  Of all the iSCSI authentication methods in the current draft
    (KRB5, SRP, CHAP), SPKM-1 and SPKM-2 require the least amount
    of manual administration.
    
    Given the above, it makes sense to me that if we include Kerberos,
    then we ought to also include Public Key.  We may not need both
    SPKM-1 and SPKM-2, but I think we should include at least one of
    them.  I believe the current text in the iSCSI document is fine
    (good job Ofer!).
    
    Josh
    
    
    
    
    


Home

Last updated: Tue Sep 04 15:17:12 2001
6332 messages in chronological order