|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: SRP vs PKI for authenticationiSCSI doesn't require the use of SRP - it's just the authentication method that MUST be implemented by each compliant iSCSI implementation s.t. interoperability is guaranteed. PKI (by SPKM-1 or SPKM-2) is defined and optional to implement and use in iSCSI. SRP was chosen in the Nashua May 2001 interim meeting, after long review of 6 authentication methods according to 6 criteria. The main issues with SPKM was complex administration of CAs/CRLs and lack of existing implementations. You can see the presentation for this review on http://www.haifa.il.ibm.com/satran/ips/iSCSI-Sec-review-Nashua.pdf . Regards, Ofer Ofer Biran Storage and Systems Technology IBM Research Lab in Haifa biran@il.ibm.com 972-4-8296253 VAHUJA@aol.com@ece.cmu.edu on 14/11/2001 02:12:56 Please respond to VAHUJA@aol.com Sent by: owner-ips@ece.cmu.edu To: <ips@ece.cmu.edu> cc: Subject: SRP vs PKI for authentication iSCSI draft 08 requires use of SRP for authentication, while for Fabric switch authentication, there are proposals in T11 that use PKI. The iSNS also allows PKI for authentication. I have also seen some IP concerns raised recently about SRP... So my question is - for iSCSI login-time authentication, are there compelling reasons for using SRP instead of PKI?
Home Last updated: Wed Nov 14 18:17:48 2001 7819 messages in chronological order |