RE: iSCSI: security questions

Ofer,

Thanks for the info. Please see my comments below.

Regards,
Lee
Crossroads Systems, Inc.

================

Q3: SEC-IPS v.04, page 11

"Negotiation between Initiator and Target is used to determine which authentication algorithm to use (or whether to use one at all); the connection closes if either side requires authentication and no mutually acceptable algorithm can be agreed upon"

The question is whether "none" is considered as an "acceptable algorithm". In other words, if initiator asks "AuthMethod=KRB5,SRP,none" during login, and target answers "AuthMethod=none", should the connection be closed, or should the initiator continue with LoginOperationalNegotiation stage? If the latter is acceptable, should we reword the last sentence like "...and no mutually acceptable algorithm or "none" can be agreed upon"?

+ "if either side requires authentication" rules out your example,
+ because by suggesting "none" and choosing "none" no side required
+ authentication.

# In iSCSI v.08, there are quite a few Login Phase
# Examples which use "AuthMethod=KRB5,SRP,...,none".
# I'm not sure which one (the Login Phase Examples, or
# your comments) is more appropriate.
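An added example (not part of the original message or of the iSCSI drafts): a minimal model of the AuthMethod exchange discussed in Q3, following the reading in the "+" reply that a side listing "none" does not require authentication. The function names and the first-match selection rule are assumptions made for illustration.

```python
# Added illustration: models only the SEC-IPS v.04 sentence quoted in the
# thread, read the way the "+" reply reads it. Function names are hypothetical.
NONE = "none"

def parse_auth_method(text):
    """Split a login key like 'AuthMethod=KRB5,SRP,none' into an ordered list."""
    key, sep, value = text.partition("=")
    methods = [m.strip() for m in value.split(",") if m.strip()]
    if key.strip() != "AuthMethod" or not sep or not methods:
        raise ValueError("not an AuthMethod key: %r" % text)
    return methods

def target_select(offer, acceptable):
    """Target side: answer with one offered method, or None to close.

    Assumption: the target takes the first offered method it accepts.
    """
    for method in parse_auth_method(offer):
        if method in acceptable:
            return "AuthMethod=" + method
    return None  # no mutually acceptable value: the connection closes

def initiator_check(offer, reply):
    """Initiator side: decide what to do with the target's answer."""
    offered = parse_auth_method(offer)
    if reply is None:
        return "close"
    answer = parse_auth_method(reply)
    # The answer must be exactly one value the initiator itself offered;
    # anything else (including an unoffered "none") is not an agreement.
    if len(answer) != 1 or answer[0] not in offered:
        return "close"
    if answer[0] == NONE:
        # Listing "none" meant the initiator did not require authentication.
        return "LoginOperationalNegotiation"
    return "authenticate:" + answer[0]

def login(offer, target_acceptable):
    """Run both sides once and return the initiator's decision."""
    return initiator_check(offer, target_select(offer, target_acceptable))

if __name__ == "__main__":
    # Constructed cases: the one from Q3, then an initiator that omits "none".
    print(login("AuthMethod=KRB5,SRP,none", {"none"}))
    print(login("AuthMethod=KRB5,SRP", {"none"}))
```

An initiator that requires authentication leaves "none" out of its offer, so a reply of "AuthMethod=none" is then treated as a failed negotiation rather than as agreement.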
Last updated: Wed Nov 14 12:17:43 2001