|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] iSCSI: Authentication MIB questionWe are planning to publish another draft of the IPS authentication MIB in the near future. It currently supports authentication by: AuthMethods - none, CHAP, SRP, Kerberos, SPKM IP address ranges Fibre Channel address ranges (added in the upcoming version) iSCSI Initiator Names Cleanup of most of these items is pretty straightforward, with the exception of SPKM. To configure SPKM public key certificates via the MIB, some certificates will exceed the size of a single UDP/IP packet on many networks. There are some possible solutions to this, but they will require some effort to finish up. So here's the question: In order to do the work to make SPKM configurable through the MIB, we need to know that we are not wasting our time. I have not heard of anyone implementing SPKM as an iSCSI authmethod in the near future; most implementations seem to be supporting None, CHAP, and SRP. If you are planning to implement SPKM as an iSCSI authMethod (this is not the same thing as IPsec public keys), please speak up. Otherwise, I will plan to publish the MIB without public keys, and add them later if necessary. Also, please respond if you are planning to implement Kerberos as well; I want to make sure that the Kerberos attributes are reviewed by anyone who may wish to use them. BTW, here's our to-do-list: > 1. Clean up SRP credential attributes > > 2. Add Kerberos credential attributes > > 3. Decide how to transport certificates in SNMP, or at least > how to transport certificate identifiers > > 4. Support DH-CHAP method if applicable > > 5. Remove netmask from address range > > 6. Re-write IP address section based on AF types > > 7. Finish up security considerations > > 8. Clean up IANA-AF reference > > 9. Split references into normative and informative If you have comments on other things that should go in the IPS auth MIB, please let me know. -- Mark A. Bakke Cisco Systems mbakke@cisco.com 763.398.1054
Home Last updated: Wed Apr 24 20:18:22 2002 9775 messages in chronological order |