All,
As mentioned previously, the consensus call for DH-CHAP was
very close. As a result, Allison Mankin requested security expertise be
consulted further prior to declaring consensus on the issue.
The result is that security experts believe that DH-CHAP, from the
reading, seems to be a worthy solution but, as many have stated both to me
and the ADs privately as well as on the mailing list, it is unproven. As
such, the decision has been made to NOT include DH-CHAP as an authentication
mechanism for iSCSI.
Now, the next question will be how this will affect the
mandatory to implement authentication mechanism decision. The Transport
ADs still have significant concerns about IPR issues as they relate to SRP as
the mandatory to implement mechanism. They also feel that (as has been
expressed on the mailing list) we do not have concrete requirements listed for
the authentication mechanism. As such, Allison is in the process of calling
a meeting between the Security and Transport ADs. This will likely occur some
time late this week.
I realize that everyone is anxious to close on this
issue. I assure you it is being worked, and that the delay is related to
making sure that iSCSI has the best chance of success, both in the IETF review
process as well as the corporate environment.
Thanks,
Elizabeth Rodriguez
IPS co-chair