RE: iSCSI: security questions

To: "Lee Xing" <lxing@Crossroads.com>
Subject: RE: iSCSI: security questions
From: "Ofer Biran" <BIRAN@il.ibm.com>
Date: Thu, 15 Nov 2001 19:33:37 +0200
Cc: <ips@ece.cmu.edu>
Content-type: text/plain; charset=us-ascii
Importance: Normal
Sender: owner-ips@ece.cmu.edu



Lee,

+ Let's consider a Login Phase Example:
+
+ I-> Login (CSG,NSG=0,1 T=1)
+     ...
+     AuthMethod=KRB5,SRP,none
+
+ T-> Login-PR (CSG,NSG=0,1 T=1)
+     ...
+     AuthMethod=none
+
+ does "CSG=0" mean that the initiator "requires
+ authentication"?  If it does, is "none" in Login
+ AuthMethod list a legal value to have?  If it is,
+ is "none" in Login-PR AuthMethod list a legal value
+ to have even though the target "requires authentication"?
+ If it is, should the connection closes, or should the
+ initiator continue with next Login Stage?  If it
+ should continue with next Login Stage, then should
+ we reword the paragraph in SEC-IPS v.04?

"CSG=0" means that the initiator starts the login phase in
the SecurityNegotiation stage. "AuthMethod=KRB5,SRP,none"
means that it doesn't require authentication - since he
offers also the "none" option. And indeed it also sets
"NSG=1", s.t. if the target chooses "none" (and agrees
to the stage transition by "NSG=1 T=1") - the stage
transition can occur immediately on the next initiator
Login command.


  Regards,
    Ofer


Ofer Biran
Storage and Systems Technology
IBM Research Lab in Haifa
biran@il.ibm.com  972-4-8296253

Prev by Date: Re: iSCSI: SCSI timeout handling change
Next by Date: RE: iSCSI: update on OOO CmdSNs/connection
Prev by thread: RE: iSCSI: security questions
Next by thread: SRP vs PKI for authentication
Index(es):
- Date
- Thread

Home

Last updated: Thu Nov 15 14:17:41 2001
7823 messages in chronological order