SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSCSI: security questions



    
    
    Lee,
    
    + Let's consider a Login Phase Example:
    +
    + I-> Login (CSG,NSG=0,1 T=1)
    +     ...
    +     AuthMethod=KRB5,SRP,none
    +
    + T-> Login-PR (CSG,NSG=0,1 T=1)
    +     ...
    +     AuthMethod=none
    +
    + does "CSG=0" mean that the initiator "requires
    + authentication"?  If it does, is "none" in Login
    + AuthMethod list a legal value to have?  If it is,
    + is "none" in Login-PR AuthMethod list a legal value
    + to have even though the target "requires authentication"?
    + If it is, should the connection closes, or should the
    + initiator continue with next Login Stage?  If it
    + should continue with next Login Stage, then should
    + we reword the paragraph in SEC-IPS v.04?
    
    "CSG=0" means that the initiator starts the login phase in
    the SecurityNegotiation stage. "AuthMethod=KRB5,SRP,none"
    means that it doesn't require authentication - since he
    offers also the "none" option. And indeed it also sets
    "NSG=1", s.t. if the target chooses "none" (and agrees
    to the stage transition by "NSG=1 T=1") - the stage
    transition can occur immediately on the next initiator
    Login command.
    
    
      Regards,
        Ofer
    
    
    Ofer Biran
    Storage and Systems Technology
    IBM Research Lab in Haifa
    biran@il.ibm.com  972-4-8296253
    
    
    


Home

Last updated: Thu Nov 15 14:17:41 2001
7823 messages in chronological order