SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSCSI:SRP



    Some important comments and clarifications:
    
    > Now, I personally believe, as you mentioned in your note, that the right
    > way to do this is to have the SRP as a SHOULD implement.  But at
    > Minneapolis I brought that up and was shot down by the AD, and he told us
    > that IPR could not be a valid reason for using the SHOULD word.  "SHOULD"
    > we were told should be used for technical reasons.  That is, the following
    > statement in RFC2119, is being interpreted as being focused on the
    > technical:
    > 
    > "SHOULD   This word, or the adjective "RECOMMENDED", mean that there
    >    may exist valid reasons in particular circumstances to ignore a
    >    particular item, but the full implications must be understood and
    >    carefully weighed before choosing a different course."
    
    It is not just that statement, and not just an interpretation.  Section
    6 of RFC 2119 is quite explicit about this.  It says:
    
    6. Guidance in the use of these Imperatives
    
       Imperatives of the type defined in this memo must be used with care
       and sparingly.  In particular, they MUST only be used where it is
       actually required for interoperation or to limit behavior which has
       potential for causing harm (e.g., limiting retransmissions)  For
       example, they must not be used to try to impose a particular method
       on implementors where the method is not required for
       interoperability.
    
    Needless to say, difficulty in getting a license or a license at
    reasonable cost does not fall under "required for interoperation or
    to limit behavior that has the potential for causing harm (e.g.,
    limiting retransmissions".  The AD who brought this topic up in
    Minneapolis is the author of RFC 2119 and was reminding the WG
    of this section.
    
    > There is one other worry I have about Chap and DH-Chap.  Though we were
    > only asked to "consider" DH-Chap, I think the implication was to consider
    > it to solve the MUST problem.  Now that David thinks he has a working
    > DH-Chap proposal, I am afraid that the ADs will see the proposal as a
    valid
    > way to get a stronger Chap, and not let plain Chap be the only MUST.  If
    > that happens we will be stuck with an unproven DH-CHAP as the only MUST.
    > And that worries me a lot.
    
    I think this sort of speculation about what the ADs might do is uncalled-for
    and a complete waste of time.  If we have good technical reasons for what
    we do, I don't think we will get shafted in this fashion.
    
    > OK, this was a round about way of saying, SRP as MUST implement since we
    > know that is Strong, therefore we can not be compelled to take DH-CHAP as
    a
    > MUST.
    
    I want to express my continued *strong disapproval* of this sort of
    gaming of the process ("we can not be compelled to take DH-CHAP as a
    MUST").  I hope John intended "would not need DH-CHAP as a MUST" since
    SRP would be equally usable and a superior technical solution.
    
    > We really need to come to closure, so let me offer some
    > options:
    > 
    > 1. SRP MUST, CHAP MUST, DH-CHAP MAY
    > 2. SRP SHOULD, CHAP MUST, DH-CHAP MAY (need technical reason for the SRP
    > not being MUST)
    > 3. SRP MUST, CHAP SHOULD, DH-CHAP MAY (for those folks that do not want
    two
    > MUSTs)
    > 4. SRP MUST, CHAP MAY, DH-CHAP MAY
    > 5. SRP MAY, CHAP MUST, DH-CHAP MAY (we must feel comfortable that it will
    > not morph into option 5)
    > 6. SRP MAY, CHAP MAY, DH-CHAP MUST  (this one worries me the most)
    
    This is unbelievably premature in the absence of a DH-CHAP draft.
    Apparently, I cannot stop people from wasting list bandwidth in this
    fashion, but it is NOT MAKING ANY PROGRESS towards what we need to
    get done, and it is the WRONG WAY to analyze this sort of issue
    (i.e., it is wrong to consider RFC 2119 words in the abstract without
    reference to the actual technical requirements that motivate the words).
    
    There are some valid technical points in John's post - the strength of
    SRP, and the compatibility of CHAP with existing equipment, but they
    are surrounded by a great deal of text that attempts to game or end-run
    IETF processes, and that is fundamentally unproductive.
    
    In the hopes of getting this back onto a more productive path, let
    me toss in a technical issue.  DH-CHAP will be compatible with existing
    RADIUS servers (same signature format, and the recipient of the response
    can compute the challenge was that the sender should have signed), BUT
    ... there's a problematic security issue.  Existing RADIUS servers
    want the challenge and response sent to them, over connections that
    usually aren't encrypted.  If the DH-CHAP response and computed
    challenge are sent over such a connection, a passive eavesdropper on
    that connection gains the material to mount a dictionary attack as
    if she'd monitored a CHAP exchange (i.e., sending the DH-CHAP results
    to RADIUS in the clear may negate the DH advantages).  This would be
    a major drawback to using DH-CHAP with existing RADIUS (and the like)
    servers if one can generally expect an eavesdropper on the IP Storage
    connection to also be able to eavesdrop on the connection to the
    RADIUS server - do people think that is likely to be or not be the
    case in general, and why?
    
    Thanks,
    --David
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 249-6449 *NEW*      FAX: +1 (508) 497-8500
    black_david@emc.com         Cell: +1 (978) 394-7754
    ---------------------------------------------------
    


Home

Last updated: Thu Apr 04 17:18:22 2002
9506 messages in chronological order