SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSCSI:SRP



    Excerpt of message (sent 2 April 2002) by KRUEGER,MARJORIE (HP-Roseville,ex1):
    > I don't see your reasoning here David, please explain.  As Mallikarjun says,
    > it's up to this WG to decide what the authentication reqmts are for iSCSI
    > and choose a protocol.  Why would the IESG second guess that?  If that's the
    > case, perhaps there's an unknown, unbounded list of authentication protocols
    > that we haven't considered that the IESG will make us go back and consider?
    > It's my understanding that DH-strenghthened CHAP is only "proposed", not
    > currently standard (not even a draft)?  So I can't believe the IESG will
    > make us go consider requiring a draft in our proposed standard, that's
    > against their own stated rules?
    > 
    > I agree with John.
    
    Same here.
    
    I'm definitely not the world's greatest fan of SRP, but I much prefer
    a requirement for an existing RFC (even if not yet widely implemented)
    over a diversion towards a not yet defined, not yet analyzed, new
    protocol with unknown security properties.  That way only leads to
    further delay and further confusion.  (Note that "based on CHAP" is
    equivalent to saying "DIFFERENT from CHAP" -- there is NO such thing
    in security protocols as a "small change".)
    
    Let me make that a stronger proposal: I propose to retain the "SRP
    mandatory" language in Draft 12, and issue that document for a real
    (not a fake) WG Last Call.
    
    It's time.
    
         paul
    
    

    • References:
      • RE: iSCSI:SRP
        • From: "KRUEGER,MARJORIE (HP-Roseville,ex1)" <marjorie_krueger@hp.com>


Home

Last updated: Wed Apr 03 11:18:23 2002
9444 messages in chronological order