
    RE: iSCSI: SRP vs DH-CHAP



    > If I understood you right, you have received indications from IESG that a 
    > reasonable design/review of DH-CHAP is expected of this WG - regardless
    > of the status of the IPR claims.  Is that a correct understanding?
    
    Almost.  If Lucent and Phoenix were to disclaim applicability of their
    patents to SRP or offer Stanford-like licenses, we could dispense with
    the DH-CHAP design/review.  I don't think that's likely to happen, though.
    
    > I realize that a design-team oriented approach may be useful at times
    > for speed, but it may make sense to post the current set of 
    > requirements being used in designing DH-CHAP.
    
    Sure, there are three crucial ones:
    - Prevent a passive dictionary attack on CHAP via use of a DH exchange.
    	An active dictionary attack (man-in-the-middle) remains possible.
    - Stay as close to CHAP as possible.  The ability to use existing
    	RADIUS servers to verify authentication of DH-CHAP is desirable,
    	although there are security considerations involved in doing so.
    - Invent as little as possible.
    
    Thanks,
    --David
    



Last updated: Thu Apr 04 13:18:22 2002