SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: iSCSI: Login authentication SRP/CHAP



    Bill Strahm wrote:
    > 
    > So what you are arguing is that you expect a large number of implementations
    > to opt for #3... In that case we do not have a secure link.  You have two
    > choices, either remove option #3 because they are not iSCSI devices
    > therefore do not need to be considered, or change your security requirement
    > to use IPsec to a SHOULD...
    
    I like the SHOULD.  The problem is that the IETF will not let us
    go through last call with the SHOULD; they want a MUST implement.
    
    So the best we can do as implementors is provide the full solution
    (at a premium price) where needed, and claim a minor deviance from
    the specification where it's not required.
    
    BTW, I prefer CHAP as well; even if it's not as secure, it's the
    only thing compatible with existing RADIUS infrastructure.
    
    Perhaps we could say:
    
    - IPsec is a MUST implement
    - CHAP is a MUST implement
    
    and anyone wanting a non-IPsec implementation can put in SRP if
    they think that they need a more secure method than CHAP.
    
    --
    Mark
    
    > I honestly think the later is the better choice because right now there are
    > VERY few solutions that can handle IPsec at the speeds we are talking about
    > (there are a few IPsec accellerators that you hinted at in existance today
    > however)...  Now if I have a situation where I do not have a required secure
    > link under the protocol, then I think we MUST have a secure login... But I
    > don't think we need both (I think both requirements should be SHOULD
    > requirements to solve a problem)
    > 
    > Bill
    > +========+=========+=========+=========+=========+=========+=========+
    > Bill Strahm     Software Development is a race between Programmers
    > Member of the   trying to build bigger and better idiot proof software
    > Technical Staff and the Universe trying to produce bigger and better
    > bill@sanera.net idiots.
    > (503) 601-0263  So far the Universe is winning --- Rich Cook
    > 
    > -----Original Message-----
    > From: mbakke@cisco.com [mailto:mbakke@cisco.com]
    > Sent: Friday, October 19, 2001 9:23 AM
    > To: Bill Strahm
    > Cc: John Hufferd; IPS Reflector (E-mail)
    > Subject: Re: iSCSI: Login authentication SRP/CHAP
    > 
    > Bill-
    > 
    > We have talked about this very subject extensively in other
    > face-to-face meetings.  Here's a summary.  Basically, the
    > "mandatory to implement" for a secure link (either IPsec or
    > SSL) is an IETF requirement, and not necessarily a product
    > requirement.  Therefore, we will see three kinds of products:
    > 
    > 1. Products that implement IPsec in hardware.  These will
    >    provide good performance and security in the same package,
    >    but will add hardware cost (not list price) at a few
    >    hundred dollars per port.  This, plus development cost,
    >    plus the fact that not everyone requires this kind of
    >    security, will make this cost-prohibitive for many products.
    > 
    >    As IPsec chips are developed, this could be integrated at
    >    a somewhat lower cost, but again, we're talking a fairly
    >    long time before these things are realized in products.
    > 
    > 2. Products that implement IPsec in software.  This may be
    >    acceptable for some initiators that do not require much
    >    bandwidth, but will almost never be acceptable to meet
    >    a target's bandwidth requirements.  Some vendors may be
    >    tempted to put in a "toy implementation" of IPsec in
    >    software just to claim RFC compliance, but performance
    >    will be so poor that nobody will actually want to use it.
    > 
    > 3. Products that just leave out IPsec entirely.  This is what
    >    today's iSCSI products already do, and this is cheaper than
    >    putting IPsec in hardware, and more honest (at least in
    >    high bandwidth products) than putting it in software.  The
    >    marketing guys can deal with the "compliant-except-for-IPsec"
    >    problem.  After all, very few file server or other data
    >    storage products support this kind of security; the demand
    >    for IPsec may be a specialty market, or an optional, added-cost
    >    item for some products.
    > 
    > It doesn't matter whether IPsec or SSL is used for the
    > secure link; either one requires roughly the same hardware
    > cost and/or software performance cost for the above solutions.
    > 
    > We have to deal with #3.
    > 
    > --
    > Mark
    > 
    > Bill Strahm wrote:
    > >
    > > But it is Required to implement, so the link has as much security as the
    > > administrator requires for the situation.  So if IPsec is not being used
    > it
    > > is because a) the administrator doesn't care about wire security b) the
    > > administrator doesn't have anything that needs to be protected c) the
    > > administrator doesn't have the resources to protect it.  So for those
    > > reasons I don't buy the argument in your first paragraph...
    > >
    > > The rest is just strict ACL... For you do not need SRP to provide identity
    > > information, I could just as easily send username="Bill" password="foo"
    > over
    > > the wire and it will provide the same functionality (all SRP does is
    > prevent
    > > you from having to send Bill and foo over the wire directly at the cost of
    > a
    > > lot of mathematics.  And with a link that is administratively configured
    > to
    > > be adequately secure, I don't see the problem with it.
    > >
    > > I do not understand why you are requiring IPsec/IKE, but refusing to
    > > consider a much simpler to configure/support TLS.  It sounds like many of
    > > the problems that you are having that are requiring you to go with a
    > > protocol that has unknown IP rights, and licensing behind it could be
    > easily
    > > solved by changing the security from IPsec to TLS, but that is my opinion.
    > >
    > > I think the problem is that people are trying to solve way too many
    > > problems, assume that IPsec has adiquate link security and go from there.
    > > If IPsec is not capable of securing the link, then remove the solution and
    > > replace it with a technology that can secure the link...
    > >
    > > Bill
    > > +========+=========+=========+=========+=========+=========+=========+
    > > Bill Strahm     Software Development is a race between Programmers
    > > Member of the   trying to build bigger and better idiot proof software
    > > Technical Staff and the Universe trying to produce bigger and better
    > > bill@sanera.net idiots.
    > > (503) 601-0263  So far the Universe is winning --- Rich Cook
    > >
    > > -----Original Message-----
    > > From: John Hufferd [mailto:hufferd@us.ibm.com]
    > > Sent: Friday, October 19, 2001 1:54 AM
    > > To: Bill Strahm
    > > Cc: IPS Reflector (E-mail)
    > > Subject: RE: iSCSI: Login authentication SRP/CHAP
    > >
    > > Bill,
    > > IPSec is optional to use!  So you can not assume that you have a Secure
    > > connection.  And even if you use IPSec, you can not be sure that Privacy
    > > (encryption) is being used.  So for these reasons alone you need to have
    > an
    > > iSCSI method of Authentication.
    > >
    > > Next, the lower levels only know that the link is OK to be use for
    > > something.  It does not know that it is iSCSI that is using the link, and
    > > if it did it does not have access to the iSCSI ACLs.  Nor does iSCSI know
    > > what is handled at the lower levels so it must do its own ACL processing.
    > >
    > > Even if the link is secure (perhaps even encrypted) and iSCSI
    > > Authentication finds out that you are user "Bill", that does not say that
    > > you have the right to get at All resources.  "Bill" will be authorized to
    > > operate from certain iSCSI Initiator Nodes, and those nodes will only be
    > > permitted to see certain approprate LUs.  These are all iSCSI functions
    > NOT
    > > TCP or IPSec.
    > >
    > > Your suggestion to use TLS, was fully discussed in Irvine, and that issue
    > > is now behind us.
    > >
    > > .
    > > .
    > > .
    > > John L. Hufferd
    > > Senior Technical Staff Member (STSM)
    > > IBM/SSG San Jose Ca
    > > Main Office (408) 256-0403, Tie: 276-0403,  eFax: (408) 904-4688
    > > Home Office (408) 997-6136
    > > Internet address: hufferd@us.ibm.com
    > >
    > > "Bill Strahm" <bill@sanera.net>@ece.cmu.edu on 10/17/2001 02:19:38 PM
    > >
    > > Sent by:  owner-ips@ece.cmu.edu
    > >
    > > To:   "IPS Reflector \(E-mail\)" <ips@ece.cmu.edu>
    > > cc:
    > > Subject:  RE: iSCSI: Login authentication SRP/CHAP
    > >
    > > Just to bring up a cynical point.  Why do we need SRP anyway... after all
    > I
    > > am running over a required secure channel, so there should be no problem
    > > with just sending a user ID/Passphrase over the secure channel.  This will
    > > prevent a LOT of interoperability problems, extra code required to
    > > implement
    > > additional security algorithms, etc.
    > >
    > > This makes my implementation much simpler, I can seperate
    > > login/authentication parameters (currently SRP) vs. setting up a secure
    > > channel (IPsec).  If we go the Application level secure authentication
    > > method, I would rather we replace the security layer with TLS rather than
    > > IPsec, so we get authentication/security all in one place rather than
    > > scattered around lower layer protocols, application protocols...
    > >
    > > Bill Strahm
    > > +========+=========+=========+=========+=========+=========+=========+
    > > Bill Strahm     Software Development is a race between Programmers
    > > Member of the   trying to build bigger and better idiot proof software
    > > Technical Staff and the Universe trying to produce bigger and better
    > > bill@sanera.net idiots.
    > > (503) 601-0263  So far the Universe is winning --- Rich Cook
    > >
    > > -----Original Message-----
    > > From: owner-ips@ece.cmu.edu [mailto:owner-ips@ece.cmu.edu]On Behalf Of
    > > Michael Schoberg
    > > Sent: Wednesday, October 17, 2001 12:53 PM
    > > To: IPS Reflector (E-mail)
    > > Subject: iSCSI: Login authentication SRP/CHAP
    > >
    > > I'm having some problems figuring out the exact implementation for the
    > > login
    > > authentication protocols being proposed.  Is anyone else having similar
    > > issues answering these questions:
    > >
    > > What is the hashing algorithm that will be used for SRP authentication
    > > (SHA-1, MD5, HMAC-SHA1)?
    > >
    > > The SRP negotiation passes the following information (T->I):
    > >
    > > SRP_s = SRP salt
    > > SRP_N = (SRP n value - Large prime number.  All computations are performed
    > > modulo n)
    > > SRP_g = Primitive root modulo of n
    > >
    > > By passing [N] & [g] (T->I), does this mean the initiator must verify that
    > > [N] is a prime and [g] is a primitive root modulo of [N]?  What are the
    > > min/max digits for [N] and [g]?  If any of these are not satisfied (N not
    > > prime, g not primitive modulo root, #digits too small or large), could it
    > > be
    > > used as an attack against the initiator or be used to derive the
    > > initiator's
    > > password?
    > >
    > > The reference to RFC 1994 does not fully describe the CHAP function for
    > > iSCSI, it describes the CHAP message protocol which isn't really used in
    > > our
    > > case.  There's some parameters that need to be nailed down.  What is the
    > > CHAP hash algorithm: (MD5)?  What is the sequence of hashes that take
    > place
    > > on a CHAP challenge to form the CHAP digest?
    > >
    > > The iSCSI draft allows for algorithm selection (CHAP_A=<A1,A2,...>) but
    > > doesn't describe any.  Are these supposed to dictate the hashing function
    > > or
    > > give a description of [what/how it] gets hashed (or both)?  Will there be
    > a
    > > mandatory set (A1..An) that compliant iSCSI implementations must provide?
    > > Is there a reference that actually shows the sequence for a CHAP digest
    > > being formed from MD5 hashes?
    > >
    > > It would help to have an appendix with real username/password examples of
    > > the result exchange?  A table with a few sample sets would be useful for
    > > validating designs.
    > 
    > --
    > Mark A. Bakke
    > Cisco Systems
    > mbakke@cisco.com
    > 763.398.1054
    
    -- 
    Mark A. Bakke
    Cisco Systems
    mbakke@cisco.com
    763.398.1054
    


Home

Last updated: Fri Oct 19 14:17:28 2001
7301 messages in chronological order