|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: iSCSI: security questionsLee, + Let's consider a Login Phase Example: + + I-> Login (CSG,NSG=0,1 T=1) + ... + AuthMethod=KRB5,SRP,none + + T-> Login-PR (CSG,NSG=0,1 T=1) + ... + AuthMethod=none + + does "CSG=0" mean that the initiator "requires + authentication"? If it does, is "none" in Login + AuthMethod list a legal value to have? If it is, + is "none" in Login-PR AuthMethod list a legal value + to have even though the target "requires authentication"? + If it is, should the connection closes, or should the + initiator continue with next Login Stage? If it + should continue with next Login Stage, then should + we reword the paragraph in SEC-IPS v.04? "CSG=0" means that the initiator starts the login phase in the SecurityNegotiation stage. "AuthMethod=KRB5,SRP,none" means that it doesn't require authentication - since he offers also the "none" option. And indeed it also sets "NSG=1", s.t. if the target chooses "none" (and agrees to the stage transition by "NSG=1 T=1") - the stage transition can occur immediately on the next initiator Login command. Regards, Ofer Ofer Biran Storage and Systems Technology IBM Research Lab in Haifa biran@il.ibm.com 972-4-8296253
Home Last updated: Thu Nov 15 14:17:41 2001 7823 messages in chronological order |