
    Re: iSCSI: Text request/response spanning - security issue?



    On Fri, 29 Mar 2002, Paul Koning wrote:
    
    > Excerpt of message (sent 29 March 2002) by Bill Studenmund:
    > > Why don't we negotiate a size? We have a default max size for individual
                                                 ^^^^^^^^^^^
    This is the fixed minimum you mention below, under a different name. I
    call it a max since it is the max size of negotiation items it covers.
    
    > > key=value items, and a max for the entire set. Either the target or the
    > > initiator can try to negotiate it up, but has to deal with the other side
    > > saying no. You can't negotiate it below the default max that we decide on.
    > >
    > > The main thing about making it a negotiated value is both sides can know
    > > what the other can do. We won't get surprise errors as we tripped over an
    > > undisclosed limit one side had.
    >
    > But we're talking about limits of the negotiation process itself.
    
    I understand.
    
    I am suggesting that during negotiation we negotiate parameters covering
    the very negotiations we are in. That means that some key=value items can
    only be sent after a given size has been negotiated.
    
    > Yes, you can renegotiate after login, but login is the primary
    > negotiation point.  I think a fixed minimum requirement is more
    > straightforward.
    
    While having a minimum required is good, if we don't have a way to
    negotiate a larger value, how can we really use a larger value? So if we
    can't negotiate the largest size we allow for key=value items and for the
    set, aren't you really suggesting we just pick a number and that's it?
    
    What's the alternative? Send something too large and either crash the
    other side or have some 'I'm confused' error come back? At least with
    negotiation, each side will know what it can and can't send.
    
    So here's the suggestion again. We start negotiation with a default value
    for the largest key=value item that can be sent, and the largest set of
    items that can be sent. These defaults are the minimum required that you
    mention. If we want, either side can try to negotiate these values larger.
    If negotiation succeeds, then future steps of negotiation can use the
    larger values. Negotiation can't lower the values below the minimum
    required.
    
    Take care,
    
    Bill
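
The scheme proposed in the message above, sketched as an added example (not part of the original post or of any iSCSI draft): both sides start at a fixed floor, one side offers larger limits, the other answers with what it can accept, and no value ever drops below the floor. The key names `X-MaxItemLength` and `X-MaxSetLength` and all numeric limits are hypothetical, constructed for this illustration.

```python
# Added illustration. Key names and numbers are hypothetical (constructed),
# not taken from the iSCSI draft or from this thread.
FLOOR_ITEM = 255    # constructed floor: largest single key=value item all must accept
FLOOR_SET = 4096    # constructed floor: largest whole set of items all must accept
ITEM_KEY = "X-MaxItemLength"
SET_KEY = "X-MaxSetLength"


class Endpoint:
    def __init__(self, cap_item, cap_set):
        # What this implementation can buffer; an implementation may not go below the floor.
        self.cap_item = max(cap_item, FLOOR_ITEM)
        self.cap_set = max(cap_set, FLOOR_SET)
        # Limits in force start at the floor until negotiated upward.
        self.item_limit = FLOOR_ITEM
        self.set_limit = FLOOR_SET

    def check(self, items):
        """Return True only if every item and the whole set fit the limits in force."""
        sizes = [len(f"{k}={v}".encode()) for k, v in items.items()]
        if any(size > self.item_limit for size in sizes):
            return False
        return sum(sizes) <= self.set_limit

    def answer(self, key, proposed):
        """Grant the smaller of the proposal and our own cap, never below the floor."""
        if key == ITEM_KEY:
            cap, floor = self.cap_item, FLOOR_ITEM
        else:
            cap, floor = self.cap_set, FLOOR_SET
        return max(floor, min(int(proposed), cap))


def negotiate(proposer, responder):
    """Proposer offers its own caps; both sides adopt the responder's answer."""
    proposal = {ITEM_KEY: str(proposer.cap_item), SET_KEY: str(proposer.cap_set)}
    # The proposal itself travels under the limits currently in force.
    if not responder.check(proposal):
        raise ValueError("proposal exceeds limits in force")
    item = responder.answer(ITEM_KEY, proposal[ITEM_KEY])
    total = responder.answer(SET_KEY, proposal[SET_KEY])
    for side in (proposer, responder):
        side.item_limit, side.set_limit = item, total
    return item, total
```

Because the receiver checks every incoming set against the limits in force, an oversized item is rejected by a known rule instead of hitting an undisclosed buffer limit.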
    
    



Last updated: Sat Mar 30 00:18:11 2002