SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: SRP vs PKI for authentication



    
    iSCSI doesn't require the use of SRP - it's just the authentication
    method that MUST be implemented by each compliant iSCSI implementation
    s.t. interoperability is guaranteed. PKI (by SPKM-1 or SPKM-2) is
    defined and optional to implement and use in iSCSI.
    
    SRP was chosen in the Nashua May 2001 interim meeting, after long review
    of 6 authentication methods according to 6 criteria. The main issues with
    SPKM was complex administration of CAs/CRLs and lack of existing
    implementations. You can see the presentation for this review on
    http://www.haifa.il.ibm.com/satran/ips/iSCSI-Sec-review-Nashua.pdf .
    
      Regards,
        Ofer
    
    Ofer Biran
    Storage and Systems Technology
    IBM Research Lab in Haifa
    biran@il.ibm.com  972-4-8296253
    
    
    VAHUJA@aol.com@ece.cmu.edu on 14/11/2001 02:12:56
    
    Please respond to VAHUJA@aol.com
    
    Sent by:  owner-ips@ece.cmu.edu
    
    
    To:   <ips@ece.cmu.edu>
    cc:
    Subject:  SRP vs PKI for authentication
    
    
    
    iSCSI draft 08 requires use of SRP for authentication, while for Fabric
    switch authentication, there are proposals in T11 that use PKI. The iSNS
    also allows PKI for authentication. I have also seen some IP concerns
    raised recently about SRP...
    
    So my question is - for iSCSI login-time authentication, are there
    compelling reasons for using SRP instead of PKI?
    
    
    
    


Home

Last updated: Wed Nov 14 18:17:48 2001
7819 messages in chronological order