SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSCSI:SRP



    > They asked us to "consider" DH+Chap but it was not a hard requirement, you
    > told us that they would accept Chap, but wanted us to consider a way to
    > make it more secure.  I think the work that has been done, is clearly
    > considering it, and with the combination of SRP and current Chap clearly
    > meets requirements.
    
    That work is not complete.  There are at least two technical explanations
    missing that have to go into the iSCSI specification in order to
    pursue this course of action:
    
    (1) Why is CHAP by itself not sufficient?
    (2) Why is SRP preferable to DH-CHAP?
    
    The second one is crucial as it is the justification to the IESG that
    technology potentially subject to patents needs to be used in preference
    to unencumbered technology. 
    
    I also think that the focus on MUST/SHOULD/MAY to the detriment of
    technical discussion of the alternatives is premature - we have
    to have solid technical reasons for our decisions ... and if we don't
    provide them the first time, the IESG will be happy to return the
    iSCSI draft to the WG for us to do them over.  I suggest focusing on
    at least (1) and (2) above rather than MUST/SHOULD/MAY.
    
    Since some people clearly want to dig into this, here's a one-sentence
    summary of DH+CHAP:
    
    	The basic idea is to augment the CHAP challenge with the
    	key that results from the Diffie-Hellman exchange so that
    	the CHAP response depends on both of them.
    
    This is not identical to what I may have discussed with some people
    in the past, as it has now received some expert review and been modified
    accordingly.  For CHAP, see RFC 1994.  For the Diffie-Hellman exchange,
    Section 22.1 of Schneier's Applied Cryptography book, is one of many
    sources that describe it.  For anyone concerned about computation
    operations, one additional invocation of the one-way hash is needed
    on each side in addition to the DH calculations and CHAP's one-way hash
    invocation.  In practice, the DH calculations (exponentiations in
    particular) are the computationally expensive part.
    
    That should be enough to start a discussion of requirements and
    implementation implications in the absence of the complete Internet-Draft;
    I'm sorry that the latter's not available yet ... I will try to get it
    done soon.
    
    Thanks,
    --David
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 249-6449 *NEW*      FAX: +1 (508) 497-8500
    black_david@emc.com         Cell: +1 (978) 394-7754
    ---------------------------------------------------
    


Home

Last updated: Wed Apr 03 16:18:19 2002
9458 messages in chronological order