|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: iSCSI: SRP vs DH-CHAPMallikarjun, > - Given that Lucent's new clarification came after Minneapolis, let's > consider the possibility that several/most WG participants are now > favorably inclined to go with SRP as the "MUST implement". Can > folks with continuing concerns on SRP please speak up? [ This is *not* > a legal advice; but HP's lawyers do not see any issues for Hewlett-Packard > in the area of SRP. ] That's certainly a reasonable position to take and advocate. > - I find the statement that IESG would send back the iSCSI draft if > it thinks that a sufficient analysis hadn't been done on DH-CHAP > to be surprising to say the least. If SRP meets the needs (more on this > in the next bullet) and SRP has an IPR situation that's deemed > acceptable from IETF's perspective (let's recall that SRP is a > standards track RFC), why would IESG return the iSCSI spec back? RFC 2026 says: 6.1.2 IESG Review and Approval The IESG shall determine whether or not a specification submitted to it according to section 6.1.1 satisfies the applicable criteria for the recommended action (see sections 4.1 and 4.2), and shall in addition determine whether or not the technical quality and clarity of the specification is consistent with that expected for the maturity level to which the specification is recommended. This whole issue falls into the area of "technical quality". The IESG can apply a higher technical standard than "meets the needs" (e.g., a cement mixer "meets the needs" for my personal transportation, but it's not a particularly effective solution for that purpose), and I expect the IESG to do so in this situation. We now have the choice of doing the analysis, or leaving the IESG to do it for us (and the latter will take a *LOT* longer). I'd love to turn back the clock, but I can't. > [ To provide the context for this question, consider that EMC is in > a similar situation with iSCSI - http://www.ietf.org/ietf/IPR/EMC-IPS > - using generally the same language as we had seen with Lucent. ] For the record, EMC never issued a statement remotely resembling the following November 30, 2001 statement from Lucent: As you are aware, RFC 2945 was neither submitted or proposed by Lucent. Therefore, Lucent's general patent statement to IETF in 1999 does not cover RFC 2945. Lucent has subsequently revised this statement to adopt a more cooperative attitude. IMHO, applying the words "similar situation" to EMC is misleading or worse; I do not recommend trashing my employer's good name as a way to influence my thinking ;-). Lucent was a major factor in creating the current situation we find ourselves in and the resulting delays - EMC was not. > - A procedural question in this regard is the seeming lack of > documented requirements for the authentication mechanism. I > don't really see a list of requirements stated in the security > draft, even though there's general text that discusses some issues. > (BTW, the iSCSI requirements draft (rightly) does not go to the depth > we're seeking here). I am equally to blame for this, but I was under > the impression that we had a list of *documented* requirements to > evaluate candidates - and we chose SRP. I was somewhat surprised > to see that we now seem to be defining/weakening requirements afresh > in some of the recent email threads I had seen. I admit that I am not > a security expert, but I am personally not _yet_ clear on the requirements.... To the extent that they're documented, Ofer's presentation from Nashua almost a year ago is the place to start: http://www.haifa.il.ibm.com/satran/ips/iSCSI-Sec-review-Nashua.pdf There's been one very important change since then. At the time we were considering SRP as the basis for all iSCSI security, and some of the evaluation criteria (especially Performance) are based on using the session keying material that it generates. Since we are now using IKE to provide session keys for IPsec, some things change. A very important change is that one needs to consider the situation in which SRP is used in the absence of IPsec - SRP's resistance to active attack loses some of its value as an active attacker can wait until the authentication is complete and then attack the unprotected TCP connection, although the results are of somewhat less value as the password required to re-authenticate is not obtained. Thanks, --David
Home Last updated: Thu Apr 11 12:18:27 2002 9600 messages in chronological order |