SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: iSCSI authentication requirements



    On Wed, Mar 27, 2002 at 03:42:55PM -0500, David Jablon wrote:
    > A primary decision for the WG to consider is whether
    > item (e), preventing "dictionary attack", is important.
    
    We need to be a bit more nuanced here.  The question is not just
    whether or not a particular scheme is vulnerable to a dictionary
    attack, but under what circumstances is it vulnerable to a dictionary
    attack.  If the attack requires the use of an active attack, where the
    attacker has to be on communications path, *and* the attacker must
    interpose him/herself between the client and the server, *and* the
    attack causes the attempted authentication to fail, such that the
    client knows something might be going on --- how bad is it that under
    these sorts of circumstances, a dictionary attack might be possible?
    
    Also, if we posit that the authentication target has a public key,
    which can be optionally cached by the client (in an ssh-style type
    approach), then the server can sign its challenge with its public key,
    and then even the possibility of an active attack is limited to the
    first time the client talks to a particular server or iSCSI target.
    
    Is this as good as an EKE, SPEKE, or PDM-style authentication scheme?
    Nope; but it's close.  And as I articulated during the IETF
    open-plenary, we are an engineering organization, and engineering
    always involves tradeoffs.  Some of these tradeoffs are not
    necessarily strictly technical, but involve real-world
    business/financial issues.
    
    The problem at this point is that the IP situation with respect to all
    of these schemes is cloudy, and that may prevent some companies from
    being able to implement the spec.  Also, if any of these patent claims
    are true, then it certainly will rule out open-source, reference
    implementations from being able to fully implement the specification.
    Such reference implementations have for other working groups been a
    significant force towards helping assure interoperability.  (Also,
    consider that as Linux continues to make inroads into the server
    platforms, it would be a real shame if Linux were not able to make
    authenticated connections to iSCSI devices thanks to the patent
    issues; you'd be essentially eliminating part of the iSCSI device
    manufacturers' market thanks to the patent issue.)
    
    How important are these issues?  Well, I will be the first to admit
    that if some patented technology conferred overwhelming advantage over
    all other alternatives (such as back in the bad old days when RSA and
    D-H was the only game in town for doing public-key cryptography), then
    the concerns which I've articulated probably would not outweigh the
    technical advantage conferred by the IP-encumbered technology.  (And
    even in that case, the fact that the technology was encumbered
    probably delayed the wide-spread use of protocols which specified the
    use of public-key technology by close to a decade.)
    
    In this particular case, however, I would submit that the advantage
    confered by using EKE, SPEKE, PDM, or other related technologies is at
    best marginal.  There are other technical solutions, which I've
    outlined above, that provide almost the same amount of protection,
    without having to deal with the headaches of settling with potentially
    two or three patent holders.  We also avoid eliminating at one stroke
    all possibilities of compliant/legal open-source implementations of
    the technology.  Because of both downsides, in this particular case,
    the engineering tradeoffs simply isn't worth it.
    
    							- Ted
    


Home

Last updated: Thu Mar 28 16:18:17 2002
9367 messages in chronological order