All,
I asked for a consensus call on the
inclusion of DH-CHAP last Wed, and requested response by Saturday.
I received exactly 3 responses – two
for inclusion and one against. Clearly not enough direct input to call consensus
on the issue.
Without the decision of whether DH-CHAP
should be included or not, it is hard to move on to the next consensus call –
what should be the mandatory to implement authentication method.
This evening, I will be reviewing all
discussion on DH-CHAP again, and composing what I believe is a summary of the
discussion to date.
I will share the summary with the ADs and with
their input I will, as chair, make a decision on the status of the inclusion of
DH-CHAP.
If anyone wants to provide further input,
please contact me immediately. Since this email is going out late in the
afternoon, I will wait until tomorrow afternoon to send out the decision.
Again, this is only on the decision to
include DH-CHAP in the specification as a protocol for authentication.
The consensus call for the mandatory to implement protocol will follow, likely
on Tues evening or Wed morning.
Elizabeth
-----Original Message-----
From: Elizabeth G. Rodriguez
[mailto:Elizabeth.G.Rodriguez@123mail.net]
Sent: Wednesday, April 17, 2002
12:24 AM
To: 'ips@ece.cmu.edu'
Subject: Concensus call: Inclusion
of DH-CHAP
Hi all,
I would like to get the ball rolling
on inclusion of DH-CHAP as an authentication method.
At this time, the consensus call is
simply on whether this method should be included as a method, and NOT if it
should be MAY or MUST.
Based on the discussion, I believe
that there are enough people that believe that DH-CHAP has enough merit to
include it in the specification, but am requesting confirmation from the group.
Here are the questions I would like
this group to answer:
1) Should
DH-CHAP, in its current form, be included as an authentication method?
2) Should it be
included in addition to those already in the document, or as a replacement for
CHAP?
Again, this is NOT a consensus call
on which should be the mandatory to implement protocol.
That will follow next week.
Any input on this call should be
submitted by Saturday. On Sunday, I will be reviewing and posting the
results, so that the editors of the iSCSI and IPS Security drafts can begin
making changes as appropriate to their documentation, if necessary.
Thanks,
Elizabeth Rodriguez
IPS co-chair.
P. S. On the current discussion
– the discussion is centering around the vulnerabilities of DH-CHAP in an
active attack.
I have requested input from the
Transport ADs on this topic, and will be posting an email on this dialog
shortly