
    iSCSI: Authentication thoughts



    In the hopes of kicking off some useful discussion, I
    thought I'd post my current views on CHAP, DH-CHAP, and SRP.
    These are posted as an individual and author of the DH-CHAP
    draft, *not* as a WG co-chair.  This post follows a thought
    path through these issues.  While it's by no means the only
    such path, I think this sort of approach is better than
    starting with sets of MUST/SHOULD/MAY words, and comparing/
    contrasting the sets.  IMHO, the fundamental issue is what
    the first/only protocol is that "MUST implement" needs to be
    applied to.
    
    To begin with, simplicity is a virtue, and the simplest
    solution I've seen to iSCSI's authentication requirements
    is to require CHAP with machine-generated keys of sufficient
    length (probably 128 bits), which are a bit unwieldy for
    people to handle (but fit just fine on floppies :-) ).
    
    ISSUE (1): Can we live with machine-generated keys
    	of a sufficient size?
    
    If the answer is "yes", that's it - CHAP with
    machine-generated keys solves the problem.  This would
    be a nice place to wind up.
    
    If human generated/usable keys are required to make
    authentication easier to use, the next question becomes
    the class of attacks against which the protocol should
    defend.
    
    ISSUE (2): Should the authentication protocol be required
    	to defend against active attacks?
    
    A "yes" answer to this issue lands us in the space of
    possible IPR claims that got us to where we are, and
    leads to SRP as the mandatory protocol to implement.
    My current view of this is "no, that's IKE's job",
    although this level of defense is a nice plus.
    
    If one answers this with some form of "no", the next
    question becomes what should be defended against.
    
    ISSUE (3): Should the authentication protocol be
    	required to defend against passive eavesdroppers?
    
    Among the other ways to view this issue is whether there's
    a significant difference between the threat posed by
    an eavesdropper vs. an active attacker.  Unlike David
    Jablon who's arguing that essentially all eavesdroppers
    are capable of mounting arbitrary active attacks with
    results similar to the passive ones, I think that there
    is a significant difference.  I'll post more on this
    topic under separate cover.
    
    In any case, a "no" answer to this issue leads to CHAP,
    and a "yes" answer leads to DH-CHAP.  If human-generated/
    usable keys are required, I find myself in the latter
    place, but with a preference to use SRP if possible (e.g.,
    I like the fact that the SRP password verifier does not
    have to be kept secret when only doing one-way authentication).
    The practical result of this is probably DH-CHAP, though. 
    
    Please comment.
    
    Thanks,
    --David
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 249-6449 *NEW*      FAX: +1 (508) 497-8500
    black_david@emc.com         Cell: +1 (978) 394-7754
    ---------------------------------------------------
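
The trade-off behind ISSUE (1) and ISSUE (3), as an added example that is not part of the original post: a CHAP exchange (RFC 1994, MD5) hands a passive observer everything needed to test secret guesses offline, which matters for a human-chosen secret and not for a 128-bit machine-generated key. Function names, the sample secret and the word list are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator-side check, using a constant-time comparison."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def machine_key(bits: int = 128) -> bytes:
    """Machine-generated key of the length suggested in the post."""
    return secrets.token_bytes(bits // 8)


def guessable_from_capture(identifier, challenge, response, candidates):
    """Return the candidate that reproduces a captured response, or None.

    Identifier, challenge and response all cross the wire in the clear, so
    this test needs no further contact with either endpoint.
    """
    for guess in candidates:
        if verify(identifier, guess, challenge, response):
            return guess
    return None


def demo():
    identifier = 7
    challenge = secrets.token_bytes(16)
    # Constructed word list standing in for a dictionary of likely secrets.
    wordlist = [b"password", b"storage1", b"iscsi-admin", b"letmein"]
    human_secret = b"storage1"      # constructed human-chosen secret
    random_secret = machine_key()   # 2**128 possibilities, no dictionary
    human_capture = chap_response(identifier, human_secret, challenge)
    random_capture = chap_response(identifier, random_secret, challenge)
    return (
        guessable_from_capture(identifier, challenge, human_capture, wordlist),
        guessable_from_capture(identifier, challenge, random_capture, wordlist),
    )


if __name__ == "__main__":
    print(demo())
```
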
    



Last updated: Mon Apr 29 19:18:25 2002