|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: iSCSI: Login authentication SRP/CHAPExcerpt of message (sent 23 October 2001) by Bill Strahm: > ... > I would rather that A SINGLE usable algorithm is labeled MUST implement (if > you must in fact specify a MUST implement at all) and the others are left as > SHOULD implment. You are right a clear text Username-> Password-> challenge > response works great with a secure link (heck I do it every day with SSH) > The idea is usable... > > Again if the problem is that no one will implmement IPsec/use IPsec, then > the problem seems to be with IPsec, lets either make it usable, or pick > another security protocol that is deployable. There seem to be two issues. 1. The IPSec requirement, as stated in the security draft, is that integrity is mandatory but confidentiality is optional to implement. So in fact there is no mandatory-to-implement lower layer confidentiality mechanism that protects the login authentication handshake. If the only vulnerability of a proposed login authentication protocol is in the presence of replay attacks, the IPSec based integrity requirement suffices. If, however, the mechanism is vulnerable to dictionary attacks or other similar problems that require only passive attack, then IPSec based integrity is of no help and its status is irrelevant. 2. It is not clear whether the "rough consensus" required to incorporate a mandate for IPSec in iSCSI exists in this working group. There is significant question on whether it makes technical sense as written. The issue with IPSec implementation/use is not a problem with IPSec that can be resolved by picking a different security protocol. Instead, it is with the choice of requirements as currently stated in the security draft vs. the requirements of a major part of the user community for iSCSI. paul
Home Last updated: Wed Oct 24 12:17:32 2001 7353 messages in chronological order |