RE: iSCSI: SRP vs DH-CHAP

To: cbm@rose.hp.com
Subject: RE: iSCSI: SRP vs DH-CHAP
From: Black_David@emc.com
Date: Wed, 3 Apr 2002 16:34:00 -0500
Cc: ips@ece.cmu.edu
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu

> If I understood you right, you have received indications from IESG that a 
> reasonable design/review of DH-CHAP is expected of this WG - regardless
> of the status of the IPR claims.  Is that a correct understanding?

Almost.  If Lucent and Phoenix were to disclaim applicability of their
patents to SRP or offer Stanford-like licenses, we could dispense with
the DH-CHAP design/review.  I don't think that's likely to happen, though.

> I realize that a design-team oriented approach may be useful at times
> for speed, but it may make sense to post the current set of 
> requirements being used in designing DH-CHAP.

Sure, there are three crucial ones:
- Prevent a passive dictionary attack on CHAP via use of a DH exchange.
	An active dictionary attack (man-in-the-middle) remains possible.
- Stay as close to CHAP as possible.  The ability to use existing
	RADIUS servers to verify authentication of DH-CHAP is desirable,
	although there are security considerations involved in doing so.
- Invent as little as possible.

Thanks,
--David

Prev by Date: RE: iSCSI:SRP
Next by Date: Re: FCEncap Last Call Comment 40
Prev by thread: RE: iSCSI: SRP vs DH-CHAP
Next by thread: RE: iSCSI: SRP vs DH-CHAP
Index(es):
- Date
- Thread

Home

Last updated: Thu Apr 04 13:18:22 2002
9495 messages in chronological order