|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: iSCSI: SRP vs DH-CHAP> If I understood you right, you have received indications from IESG that a > reasonable design/review of DH-CHAP is expected of this WG - regardless > of the status of the IPR claims. Is that a correct understanding? Almost. If Lucent and Phoenix were to disclaim applicability of their patents to SRP or offer Stanford-like licenses, we could dispense with the DH-CHAP design/review. I don't think that's likely to happen, though. > I realize that a design-team oriented approach may be useful at times > for speed, but it may make sense to post the current set of > requirements being used in designing DH-CHAP. Sure, there are three crucial ones: - Prevent a passive dictionary attack on CHAP via use of a DH exchange. An active dictionary attack (man-in-the-middle) remains possible. - Stay as close to CHAP as possible. The ability to use existing RADIUS servers to verify authentication of DH-CHAP is desirable, although there are security considerations involved in doing so. - Invent as little as possible. Thanks, --David
Home Last updated: Thu Apr 04 13:18:22 2002 9495 messages in chronological order |