|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: iSCSI:SRPExcerpt of message (sent 3 April 2002) by Bill Studenmund: > On Wed, 3 Apr 2002, Paul Koning wrote: > > 1. CHAP is vulnerable to certain attacks that SRP does not suffer > > from, and is one-way. > > Are these concerns strong enough to warrant using patented technologies? > > While I gather it wasn't always so, IPsec is now the primary form of > security for iSCSI connections. Whatever login method is chosen, it will > (should) be happening in an ESP-protected channel. Someone else tried that argument. It didn't go very far, because IPsec is optional to use. You can try to revive that argument if you wish, but you may want to go back and look at the last iteration. > > 2. DH-CHAP had not been specified yet, while SRP is a published RFC. > > > > Why isn't (2) sufficient? Surely, when we're trying to go through the > > RFC publication process, we can't be expected to consider a proposal > > that is not yet at the "draft 00" stage as a prime contender, can we? > > Otherwise no one could ever finish. > > The concerns over SRP involve IPR, which is a seperate question from being > an RFC. We have not yet had an IPR call for DH+CHAP. Just because CHAP appears to be unencumbered does NOT mean that DH+CHAP will be. > > Is there any consensus that iSCSI Last Call should wait for DH-CHAP > > Last Call? > > Yes. OH REALLY? I did not see a consensus call. And I most assuredly did not see consensus. David, can we have a consensus call on this? paul
Home Last updated: Thu Apr 04 12:18:18 2002 9490 messages in chronological order |