iSCSI: Authentication thoughts

In the hopes of kicking off some useful discussion, I thought I'd post my current views on CHAP, DH-CHAP, and SRP. These are posted as an individual and author of the DH-CHAP draft, *not* as a WG co-chair.

This post follows a thought path through these issues. While it's by no means the only such path, I think this sort of approach is better than starting with sets of MUST/SHOULD/MAY words, and comparing/contrasting the sets. IMHO, the fundamental issue is what the first/only protocol is that "MUST implement" needs to be applied to.

To begin with, simplicity is a virtue, and the simplest solution I've seen to iSCSI's authentication requirements is to require CHAP with machine-generated keys of sufficient length (probably 128 bits), which are a bit unwieldy for people to handle (but fit just fine on floppies :-) ).

ISSUE (1): Can we live with machine-generated keys of a sufficient size?

If the answer is "yes", that's it - CHAP with machine-generated keys solves the problem. This would be a nice place to wind up. If human-generated/usable keys are required to make authentication easier to use, the next question becomes the class of attacks against which the protocol should defend.

ISSUE (2): Should the authentication protocol be required to defend against active attacks?

A "yes" answer to this issue lands us in the space of possible IPR claims that got us to where we are, and leads to SRP as the mandatory protocol to implement. My current view of this is "no, that's IKE's job", although this level of defense is a nice plus. If one answers this with some form of "no", the next question becomes what should be defended against.

ISSUE (3): Should the authentication protocol be required to defend against passive eavesdroppers?

Among the other ways to view this issue is whether there's a significant difference between the threat posed by an eavesdropper vs. an active attacker. Unlike David Jablon who's arguing that essentially all eavesdroppers are capable of mounting arbitrary active attacks with results similar to the passive ones, I think that there is a significant difference. I'll post more on this topic under separate cover. In any case, a "no" answer to this issue leads to CHAP, and a "yes" answer leads to DH-CHAP.

If human-generated/usable keys are required, I find myself in the latter place, but with a preference to use SRP if possible (e.g., I like the fact that the SRP password verifier does not have to be kept secret when only doing one-way authentication). The practical result of this is probably DH-CHAP, though.

Please comment.

Thanks,
--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA 01748
+1 (508) 249-6449 *NEW*
FAX: +1 (508) 497-8500
black_david@emc.com
Cell: +1 (978) 394-7754
---------------------------------------------------
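Added example, not part of the original post: a short Python check of why ISSUE (1) and ISSUE (3) are linked. It assumes the MD5 form of CHAP from RFC 1994 (response = MD5 of identifier octet, secret, challenge); the word list, identifier and helper names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response as defined in RFC 1994 for MD5: H(id || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def machine_key(bits: int = 128) -> bytes:
    """Machine-generated secret of the length suggested in the post (128 bits)."""
    return secrets.token_bytes(bits // 8)


def survives_offline_guessing(identifier, challenge, response, candidates) -> bool:
    """Audit check: does an observed (challenge, response) pair match any candidate?

    Everything this function needs is visible to a passive listener, so a secret
    that fails here is not protected by plain CHAP. Returns True if no candidate
    reproduces the response.
    """
    for guess in candidates:
        expected = chap_response(identifier, guess, challenge)
        if hmac.compare_digest(expected, response):
            return False
    return True


# Constructed sample: a tiny list of human-style secrets used for the audit.
WORDLIST = [b"password", b"storage1", b"iscsi", b"letmein"]


def demo():
    """Compare a human-chosen secret with a 128-bit machine key on one exchange."""
    identifier = 7                          # constructed CHAP identifier
    challenge = secrets.token_bytes(16)     # sent in the clear by the authenticator
    human_resp = chap_response(identifier, b"storage1", challenge)
    machine_resp = chap_response(identifier, machine_key(), challenge)
    return (
        survives_offline_guessing(identifier, challenge, human_resp, WORDLIST),
        survives_offline_guessing(identifier, challenge, machine_resp, WORDLIST),
    )


if __name__ == "__main__":
    print(demo())
```

With a 128-bit random key the candidate space is too large to enumerate, which is why the post treats machine-generated keys as sufficient for plain CHAP.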
Last updated: Mon Apr 29 19:18:25 2002