Re: iSCSI: DH-CHAP

["Ofer Biran" <BIRAN@il.ibm.com>]

David,

Being that 'participant' I'd like to clarify that my comments (that
were not that private as the security team was copied) were on an
earlier rough draft David Black posted to the security team just few days
before posting to the general IPS list, and apart from that I'm not aware
of '[closed] design process' on the security team for DH-CHAP.

My main comment was about active impersonation + off line dictionary
attack and a misleading text (in my view) that ignored this attack. The
final version now clearly describes it both in the overview and section 6.

I also commented that getting a password can cause much more damage
than connection hijack after login phase, and this is also mentioned in
section 6.5.

So one has to admit that the draft states fairly and clearly the main
DH-CHAP deficiency - vulnerability to active dictionary attack.

Now - the WG should decide whether the 'IP issue' of SRP is a good enough
reason to replace it with another mandatory method, introducing this
deficiency. SRP was originally chosen over CHAP due to the risk of an
attacker obtaining the password. DH-CHAP only makes that attack 'networkly'
more difficult, but still possible. As I understand it, the IP situation
of SRP (free license of the actual patent, 'reasonable and
non-discriminatory' IETF statements for the patents that were brought up as
'might be related'), according to the IETF policy, should not cause the WG
to change for something technically deficient.

I currently vote for putting DH-CHAP as another MAY method (it does provide
valuable resilience over CHAP in certain environments, and the draft seems
in a pretty good shape), unless somebody convince me that I misunderstood
the
SRP IP situation and/or the IETF policy.


   Regards,
     Ofer


Ofer Biran
Storage and Systems Technology
IBM Research Lab in Haifa
biran@il.ibm.com  972-4-8296253


David Jablon <dpj@theworld.com>@ece.cmu.edu on 11/04/2002 21:16:42

Please respond to David Jablon <dpj@theworld.com>

Sent by:    owner-ips@ece.cmu.edu


To:    David Black <Black_David@emc.com>
cc:    <ips@ece.cmu.edu>, <ElizabethRodriguez@ieee.org>,
       <Elizabeth.G.Rodriguez@123mail.net>
Subject:    Re: iSCSI: DH-CHAP



David,

I respectfully request that my name be removed from the acknowlegements
section of <draft-black-ips-iscsi-dhchap-00.txt>, as it might otherwise
lead people to mistakenly believe that I was a willing and active
participant
in the design effort.

I am strongly opposed to designing a cryptographic authentication
protocol with the deliberate goal to be vulnerable to active attack.

For the record, I responded to an unsolicited draft that was forwarded
to me in a private email, along with other comments, by one of the
participants in this design process that was otherwise closed-to-me.
My reply, out of courtesy to that participant, was exactly this:

>Your comments were good, and I'd say that the draft looks to
>be in good enough shape for the purposes of IPS discussion,
>except to note that "passwords" are never mentioned.
>
>If serious cryptographic review were necessary, then I think a lot of
>people would argue the point that the draft is necessarily
>out of scope for IPS consideration today anyway.

Apparently, those comments resulted in a draft that includes discussion
about passwords.  However, evidence of serious cryptographic review
remains to be seen, and seems problematic in light of the technical
design goals.  In light of this, the motivation for this work, and my
earlier public comments regarding closed vs. open design process,
I hope you'll understand why I prefer to not have my name associated
with this effort.  Thanks.

Best regards,


David Jablon