|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: iSCSI:SRPExcerpt of message (sent 2 April 2002) by KRUEGER,MARJORIE (HP-Roseville,ex1): > I don't see your reasoning here David, please explain. As Mallikarjun says, > it's up to this WG to decide what the authentication reqmts are for iSCSI > and choose a protocol. Why would the IESG second guess that? If that's the > case, perhaps there's an unknown, unbounded list of authentication protocols > that we haven't considered that the IESG will make us go back and consider? > It's my understanding that DH-strenghthened CHAP is only "proposed", not > currently standard (not even a draft)? So I can't believe the IESG will > make us go consider requiring a draft in our proposed standard, that's > against their own stated rules? > > I agree with John. Same here. I'm definitely not the world's greatest fan of SRP, but I much prefer a requirement for an existing RFC (even if not yet widely implemented) over a diversion towards a not yet defined, not yet analyzed, new protocol with unknown security properties. That way only leads to further delay and further confusion. (Note that "based on CHAP" is equivalent to saying "DIFFERENT from CHAP" -- there is NO such thing in security protocols as a "small change".) Let me make that a stronger proposal: I propose to retain the "SRP mandatory" language in Draft 12, and issue that document for a real (not a fake) WG Last Call. It's time. paul
Home Last updated: Wed Apr 03 11:18:23 2002 9444 messages in chronological order |