Re: iSCSI: Text request/response spanning - security issue?

[Paul Koning <ni1d@arrl.net>]

Excerpt of message (sent 29 March 2002) by Bill Studenmund:
> > Yes, you can renegotiate after login, but login is the primary
> > negotiation point.  I think a fixed minimum requirement is more
> > straightforward.
> 
> While having a minimum required is good, if we don't have a way to
> negotiate a larger value, how can we really use a larger value? So if we
> can't negotiate the largest size we allow for key=value items and for the
> set, aren't you really suggesting we just pick a number and that's it?
>
> What's the alternative? Send something too large and either crash the
> other side or have some 'I'm confused' error come back? At least with
> negotiation, each side will know what it can and can't send.

If you crash, you have a bug.  I was assuming a reject that says "your
text is too long".
 
> So here's the suggestion again. We start negotiation with a default value
> for the largest key=value item that can be sent, and the largest set of
> items that can be sent. These defaults are the minimum required that you
> mention. If we want, either side can try to negotiate these values larger.
> If negotiation suceeds, then future steps of negotiation can use the
> larger values. Negotiation can't lower the values below the minimum
> required.

That sounds workable but I don't see the justification for that extra
complexity.  Luben brought up the original issue as a denial of
service concern.  Is there a plausible real-world example where
someone will want to send a meaningful negotiation exchange that's
"very large"?  I don't know of one.  If there isn't a real need for
the complexity, let's make the minimal fix needed, which is to say
"everyone must support at least x" without negotiating x.

	    paul