|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI: Authentication thoughtsExcerpt of message (sent 29 April 2002) by Steve Senum: > I would be favor of CHAP (with machine > generated keys) as the mandatory protocol. I agree about CHAP. It's not clear to me that the spec can require a particular operational procedure on the part of the users of iSCSI. It makes a lot of sense to say "machine generated 'passwords' are recommended for best security" but I don't know how we could operationally mandate the use of generated keys. > If the user requires better security, I believe > IPsec should be used. Agreed. For example, that will take care of the "wimpy active attack" vs. "really good active attack" issue. IPsec foils both. paul
Home Last updated: Tue Apr 30 13:18:30 2002 9887 messages in chronological order |