|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: iSCSI: possible DH-CHAP rationaleAt 07:06 PM 4/15/02 -0400, Black_David@emc.com wrote: >> Reminder: This is NOT posted in my role as wg chair. >> >> I thought I'd attempt to lay out a possible short >> rationale for why DH-CHAP may be interesting: >> >> (1) Assumption: If one is concerned about active attacks >> on session authentication, one should also be >> concerned about active attacks on the TCP session >> that results after the authentication (e.g., TCP >> hijack for which exploit code is readily available). Assumption (1) may be false, as it depends on considerations that seem beyond the scope of the standard. Following this path of trying to justify DH-CHAP on a technical basis, one should identify all the situations in which an enemy that can receive and send a packet may or may not be significantly different than a mute or self-restrained enemy. Even if the standard were amended to discuss these concerns, it would surely result in something that is harder for people to safely use. -- David
Home Last updated: Tue Apr 16 20:18:31 2002 9690 messages in chronological order |