|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI: SRP vs DH-CHAPAt 03:47 PM 4/3/02 -0800, Bill Studenmund wrote: >My concern with SRP is simple: we will need to license patents. Bill, it is not clear to me whether you will or won't "need to license patents", although you may have a legitimate reason to be concerned about the unknowns. Also, in light of what Pat Thaler recently wrote: >... If you consider a non-free license to be a barrier to smooth progress then we >already have that problem independent of SRP, ... Can you elaborate on how you addressed your needs and concerns in that regard? Bill also wrote: >... With CHAP or DH+CHAP, we won't. Simple black and white declarative statements sound nice. But have you actually investigated patent issues of the alternatives? Or are you simply assuming that the IESG or WG has done that for you? >... why wouldn't you be using IPsec ESP? If you don't do something to >protect the connection once it's up, someone can steal it. Regardless of >what (CHAP, SRP) was done to protect the password. While I in no way want to argue a case for using unencrypted channels in a hostile environment, I should note that session hijacking is more difficult than password stealing, especially regarding CHAP. I've also responded to some of your other points in the RE: iSCSI:SRP thread. >... If you aren't doing IPsec ESP, then discussions about password security >(SRP vs. CHAP) are like talking about how good a deadbolt we have on the >door when we leave windows unlocked. I think Ted and I have already both taken that "home improvement" debate about as far as it can go for now. We should probably stick to precise discussion from here on. -- David
Home Last updated: Thu Apr 04 15:18:21 2002 9501 messages in chronological order |