RE: iSCSI: New Lucent stmt on SRP

[David Jablon <dpj@theworld.com>]

>> From: Amir Shalit [mailto:amir@astutenetworks.com]
>> Does [the new Lucent letter] solve the SRP dilemma?

At 01:58 PM 3/29/02 -0500, Black_David@emc.com wrote:
>Not completely, but it helps. ...

David, can you elaborate on how it helps, what is missing, etc.?

>... The IESG is now requesting
>that the WG consider use of a version of CHAP strengthened
>by an anonymous Diffie-Hellman key exchange as an alternative
>to SRP. ...

I'm not sure what "alternative" means in this context.  An alternative
"option" in addition to something like SRP would achieve the
goal of guaranteed free interoperability.  Or has the IESG suggested
"replacement", which is something else entirely?

>Ted Ts'o has done us the favor of posting many of the issues
>that the IESG expects the WG to consider in his post from
>this past Wednesday:
>http://www.pdl.cmu.edu/mailinglists/ips/mail/msg09358.html

Have these IESG requests to the WG and expectations of the WG
been formally posted directly to the list?  It would be nice to
know what the other issues are too, that weren't included in
Ted's post.

>I would hope that a strawman design for this mechanism
>could be posted in the next week, and apologize for the
>delay ... I'm afraid that all attempts to clone me have
>failed, and I need to ensure that some real cryptographers
>check the resulting design before it is posted  ;-).

As legitimate review is an open process, I assume your wink
means that the secret initial checking by "real cryptographers"
is just a necessary first step.  Ted's post has stimulated an
initial thread of security discussion, which can continue
after the design is posted.

-- David