RE: iSCSI: possible DH-CHAP rationale

To: Black_David@emc.com
Subject: RE: iSCSI: possible DH-CHAP rationale
From: David Jablon <dpj@theworld.com>
Date: Tue, 16 Apr 2002 16:36:46 -0400
Cc: ips@ece.cmu.edu
Content-Type: text/plain; charset="us-ascii"
In-Reply-To: <277DD60FB639D511AC0400B0D068B71E02937795@CORPMX14>
Sender: owner-ips@ece.cmu.edu

At 07:06 PM 4/15/02 -0400, Black_David@emc.com wrote:
>> Reminder: This is NOT posted in my role as wg chair.
>> 
>> I thought I'd attempt to lay out a possible short
>> rationale for why DH-CHAP may be interesting:
>> 
>> (1) Assumption: If one is concerned about active attacks
>>       on session authentication, one should also be
>>       concerned about active attacks on the TCP session
>>       that    results after the authentication (e.g., TCP
>>       hijack for which exploit code is readily available).

Assumption (1) may be false, as it depends on considerations
that seem beyond the scope of the standard.

Following this path of trying to justify DH-CHAP on a technical basis,
one should identify all the situations in which an enemy that can receive
and send a packet may or may not be significantly different than a mute or
self-restrained enemy.

Even if the standard were amended to discuss these concerns, it would
surely result in something that is harder for people to safely use.

-- David

Follow-Ups:
- RE: iSCSI: possible DH-CHAP rationale
  - From: Bill Studenmund <wrstuden@wasabisystems.com>

References:
- RE: iSCSI: possible DH-CHAP rationale
  - From: Black_David@emc.com

Prev by Date: I-D ACTION:draft-ietf-ips-fcencapsulation-07.txt,.pdf
Next by Date: FC Frame Encapsulation ready for next step
Prev by thread: RE: iSCSI: possible DH-CHAP rationale
Next by thread: RE: iSCSI: possible DH-CHAP rationale
Index(es):
- Date
- Thread

Home

Last updated: Tue Apr 16 20:18:31 2002
9690 messages in chronological order