Re: iSCSI: Public Key Method

> > A derivative
> > is necessary, because there are intellectual property
> > issues with at least one of the crypto algorithms specified in
> > RFC 2025
>
> Can you specify which algorithm you're referring to? I guess

Ofer,

The md5WithRSAEncryption and sha1WithRSAEncryption integrity algorithms. However, it looks like the IP issues were around the RSA algorithm itself, which according to http://www.ietf.org/ietf/IPR/RSA, has expired. (In my defense, at the time the LIPKEY/SPKM-3 RFC was written/published the patent hadn't expired, and I was asked by the WG chair to make the algorithm not mandatory).

Assuming the IP issues are now moot, I would expect RFC 2847 to be updated someday to REQUIRE sha1WithRSAEncryption, and make id-dsa-with-sha1 OPTIONAL.

There may, however, be other reasons to make an SPKM-2 derivative, relating to, for example, weaknesses discovered in MD5 that weren't known when RFC 2025 (SPKM) was published. I went through the effort of looking for these deficiencies in SPKM-1, but didn't bother to make the analysis in SPKM-2, since I had no immediate use for it.

> this is less a problem for us since it's only an optional method
> (David - please correct me if I'm wrong here...)

Unless it is envisioned that both the iSCSI client and server will often come from the same vendor, making SPKM, Kerberos V5, etc. optional to implement is unlikely to result in a high frequency of situations where these methods get used.

-mre
Last updated: Tue Sep 04 20:17:05 2001