Re: Document Action: iSCSI Requirements and Design Considerations to Informational

[David Jablon <dpj@theworld.com>]

Regarding the security requirements in
<http://www.ietf.org/internet-drafts/draft-ietf-ips-iscsi-reqmts-06.txt> ...

Section 6.2 draws a curious and potentially dangerous distinction between
active and passive attacks.  It states that the authentication protocol MUST
be resilient to passive attacks, implying that the protocol MAY permit
active attacks.

This is generally not a acceptable practice in security or cryptographic
protocol design.  Generally speaking, on IP networks, someone who
can read packets can also send packets.

A simple fix is to remove the distinction in 6.2 between active and
passive attacks, as in:

        "6.2 ...  The iSCSI authenticated login MUST be resilient against 
        attacks.  ..." 

If one chooses to discriminate in this document between active and
passive attacks, going against common wisdom, I would think that
one *must* justify within the document exactly what distinction is
being made and why.

I think that the IPS WG discussed valid reasons why one might want
to protect the authentication packets to a higher degree than session
data packets.  On the other hand, I heard no particularly good reason
why active attacks would be categorically impossible in the common
settings where passive attacks would be possible.

I also have a small editorial comment on page 2:

>Conventions used in this document 
>    
>   This document describes the requirements for a protocol design, but 
>   does define a protocol standard. ...

I presume this should really say "does not define a protocol standard".

-- David


At 04:56 PM 4/25/02 -0400, The IESG wrote:

>The IESG has approved the Internet-Draft 'iSCSI Requirements and Design
>Considerations' <draft-ietf-ips-iscsi-reqmts-06.txt> as an
>Informational RFC.  This document is the product of the IP Storage
>Working Group.  The IESG contact persons are Allison Mankin and Scott
>Bradner.