Re: SRP vs PKI for authentication

To: VAHUJA@aol.com
Subject: Re: SRP vs PKI for authentication
From: "Ofer Biran" <BIRAN@il.ibm.com>
Date: Wed, 14 Nov 2001 12:53:39 +0200
Cc: <ips@ece.cmu.edu>
Content-type: text/plain; charset=us-ascii
Importance: Normal
Sender: owner-ips@ece.cmu.edu


iSCSI doesn't require the use of SRP - it's just the authentication
method that MUST be implemented by each compliant iSCSI implementation
s.t. interoperability is guaranteed. PKI (by SPKM-1 or SPKM-2) is
defined and optional to implement and use in iSCSI.

SRP was chosen in the Nashua May 2001 interim meeting, after long review
of 6 authentication methods according to 6 criteria. The main issues with
SPKM was complex administration of CAs/CRLs and lack of existing
implementations. You can see the presentation for this review on
http://www.haifa.il.ibm.com/satran/ips/iSCSI-Sec-review-Nashua.pdf .

  Regards,
    Ofer

Ofer Biran
Storage and Systems Technology
IBM Research Lab in Haifa
biran@il.ibm.com  972-4-8296253


VAHUJA@aol.com@ece.cmu.edu on 14/11/2001 02:12:56

Please respond to VAHUJA@aol.com

Sent by:  owner-ips@ece.cmu.edu


To:   <ips@ece.cmu.edu>
cc:
Subject:  SRP vs PKI for authentication



iSCSI draft 08 requires use of SRP for authentication, while for Fabric
switch authentication, there are proposals in T11 that use PKI. The iSNS
also allows PKI for authentication. I have also seen some IP concerns
raised recently about SRP...

So my question is - for iSCSI login-time authentication, are there
compelling reasons for using SRP instead of PKI?

Prev by Date: Re: iSCSI: security questions
Next by Date: RE: iSCSI: update on OOO CmdSNs/connection
Prev by thread: SRP vs PKI for authentication
Next by thread: RE: SRP vs PKI for authentication
Index(es):
- Date
- Thread

Home

Last updated: Wed Nov 14 18:17:48 2001
7819 messages in chronological order