SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: iSCSI: invalid key value



    "LEMAY,KEVIN (A-Roseville,ex1)" wrote:
    > 
    > This is an area that is open to interpretation in the spec.
    > 
    > My interpretation is:
    > 
    > Any parameter defined in appendix D can only have the values represented in
    > the appendix. To offer any thing not defined in the spec for these well
    > defined parameters is a format error. The first option offered is an invalid
    > one, thus a format error has occurred.
    
    This makes the iSCSI draft non-extensible through other drafts.
    There are a lot of value-added things that can be done, either
    by other drafts/RFCs adding new methods to iSCSI, or through
    vendor-specific methods.  The iSCSI revision number has little
    to do with text keys; it is primarily a PDU format version
    number.  If we have to change the base iSCSI spec and version
    every thing a new authentication method is made available,
    for example, we will be turning out too many big RFCs.  Better
    to have a good, extensible "base" iSCSI protocol, and add
    new authentication or digest methods through separate RFCs.
    
    Otherwise, we would have done better to keep the login exchange
    as a set of binary keys and values, instead of text.
    
    > 
    > If newer options are added to the spec, then they would be defined for that
    > revision and see no problem. The values offered must be consistent with the
    > version number sent in the login request. If new key values are added to a
    > spec and the initiator supports a range of versions. Only key pairs and
    > values common to the requests versions should be offered. If this is not
    > true, then the spec needs to be updated to make it clear that not understood
    > key values should be passed over and only rejected if no valid option
    > exists.
    
    I disagree.  This makes it too difficult to add new methods to
    the iSCSI protocol.  A new PDU format revision should not be
    necessary to add an authentication method.
    
    > The spec is clear on the behavior when a format error occurs. A target
    > should reject the login and close the connection.
    > 
    > On further review, NotUnderStood is not the correct response. The correct
    > response would be: "DataDigest=Reject"
    
    This response should be sent only if NONE of the offered methods
    are supported.  If any method offered is recognized and supported,
    that method will be returned by the target.
    
    --
    Mark
    
    > Kevin Lemay
    > Agilent Technologies
    > 
    > -----Original Message-----
    > From: Mark Bakke [mailto:mbakke@cisco.com]
    > Sent: Friday, January 25, 2002 8:28 AM
    > To: kevin_lemay@agilent.com
    > Cc: ssenum@cisco.com; ips@ece.cmu.edu; Eddy_Quicksall@ivivity.com
    > Subject: Re: iSCSI: invalid key value
    > 
    > Kevin-
    > 
    > How can this be rejected, if at least one of the values
    > is understood and supported?  One of the original reasons
    > to negotiate digest methods, authentication methods, and
    > such is so newer methods can be added to iSCSI as they
    > become available.  If I have an initiator that sends:
    > 
    > DataDigest=LatestGreatestDigest,CRC32C,none
    > 
    > and a target that supports CRC32C, it should pick CRC32C,
    > rather than sending back a notunderstood.  This way, the
    > initiator can say what it wants, and the target can pick
    > from the set of methods it supports.
    > 
    > If we let the target reject these, we will degenerate
    > iSCSI login into a "try this, nope, try that, nope, then
    > let's try this" sort of negotiation:
    > 
    > I->T DataDigest=LatestGreatest,NextBestThing,CRC32C,none
    > 
    > T->I reject
    > 
    > I->T DataDigest=NextBestThing,CRC32C,none
    > 
    > T->I reject
    > 
    > I->T DataDigest=CRC32C,none
    > 
    > T->I DataDigest=CRC32C
    > 
    > The initiator had to guess at which value the target didn't
    > like, then keep trying to log in with different sets of
    > methods until they were reduced to the subset known by the
    > target.  This would default the purpose of having a relatively
    > simple negotiation for these things.
    > 
    > Steve is right, the only good way to do this is to accept
    > the value that's understood, even if it's "none", rejecting
    > only if none of the values are understood.  If the initiator
    > didn't want "none", it shouldn't have offered.
    > 
    > BTW, if "CRC32C" is corrupted into "#$C32C", we will have
    > much worse problems than text key corruption, and trying
    > to get around it this way will not work.
    > 
    > --
    > Mark
    > 
    > kevin_lemay@agilent.com wrote:
    > >
    > > I disagree,
    > >
    > > This is an initiator error and the login should be rejected as such.
    > > NotUnderStood should be returned in the key with the login rejected.
    > >
    > > Kevin Lemay
    > > Agilent Technologies
    > >
    > > -----Original Message-----
    > > From: Steve Senum [mailto:ssenum@cisco.com]
    > > Sent: Friday, January 25, 2002 7:57 AM
    > > To: ietf-ips
    > > Cc: Eddy Quicksall
    > > Subject: Re: iSCSI: invalid key value
    > >
    > > Eddy,
    > >
    > > If someone sends me "DataDigest=#$C32C,none".
    > > I will respond "DataDigest=none".
    > >
    > > I think responding with "DataDigest=NotUnderstoood"
    > > or one of the other special responses would be wrong,
    > > as there is nothing wrong with the key ("DataDigest").
    > >
    > > Since I support "none", and can't tell "#$C32C"
    > > is really "CRC32C", I believe "DataDigest=none"
    > > is the only correct response.
    > >
    > > Steve Senum
    > >
    > > -----------------------------------------
    > > Subject: iSCSI: invalid key value
    > >    Date: Fri, 25 Jan 2002 10:17:12 -0500
    > >    From: Eddy Quicksall <Eddy_Quicksall@ivivity.com>
    > >      To: "ips@ece. cmu. edu (E-mail)" <ips@ece.cmu.edu>
    > >
    > > If a key has a value that is not valid, do you know how I respond?
    > >
    > >
    > >
    > > For example, DataDigest=#$C32C,none. The valid values are CRC32C,none.
    > >
    > >
    > >
    > > If I say DataDigest=NotUnderstood, wouldn't that mean the key was not
    > > understood?
    > >
    > >
    > >
    > > If I say DataDigest=Reject, that would mean I don't support the key for
    > the
    > > current initiator.
    > >
    > >
    > >
    > > If I say DataDigest=Irrelevant, that would mean the digest is not relevant
    > > for
    > > the current negotiation.
    > >
    > >
    > >
    > > If I say DataDigest=none, that would mean I don't support CRC32C when in
    > > reality
    > > I do. It could be that, since there is no digest in login,
    > > the 1st two letters got changed.
    > >
    > >
    > >
    > > If I treat it as a protocol error and send a response with status == 0200
    > or
    > > 0201, then the initiator does not know why.
    > >
    > >
    > >
    > > Eddy
    > 
    > --
    > Mark A. Bakke
    > Cisco Systems
    > mbakke@cisco.com
    > 763.398.1054
    
    -- 
    Mark A. Bakke
    Cisco Systems
    mbakke@cisco.com
    763.398.1054
    


Home

Last updated: Fri Jan 25 14:17:55 2002
8482 messages in chronological order