Hi all,
I would like to get the ball rolling on inclusion of DH-CHAP
as an authentication method.
At this time, the consensus call is simply on whether this
method should be included as a method, and NOT if it should be MAY or MUST.
Based on the discussion, I believe that there are enough
people that believe that DH-CHAP has enough merit to include it in the
specification, but am requesting confirmation from the group.
Here are the questions I would like this group to answer:
1)
Should DH-CHAP, in its current form, be included as
an authentication method?
2)
Should it be included in addition to those already in
the document, or as a replacement for CHAP?
Again, this is NOT a consensus call on which should be the
mandatory to implement protocol.
That will follow next week.
Any input on this call should be submitted by
Saturday. On Sunday, I will be reviewing and posting the results, so that
the editors of the iSCSI and IPS Security drafts can begin making changes as appropriate
to their documentation, if necessary.
Thanks,
Elizabeth Rodriguez
IPS co-chair.
P. S. On the current discussion – the discussion is
centering around the vulnerabilities of DH-CHAP in an active attack.
I have requested input from the Transport ADs on this topic,
and will be posting an email on this dialog shortly