SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSCSI: DH-CHAP resolution


    • To: "Elizabeth G. Rodriguez" <Elizabeth.G.Rodriguez@123mail.net>
    • Subject: RE: iSCSI: DH-CHAP resolution
    • From: "Lee Xing" <lxing@crossroads.com>
    • Date: Tue, 7 May 2002 13:55:47 -0500
    • Cc: <ips@ece.cmu.edu>
    • content-class: urn:content-classes:message
    • Content-Type: multipart/alternative;boundary="----_=_NextPart_001_01C1F5F8.CC6A3D61"
    • Disposition-Notification-To: "Lee Xing" <lxing@Crossroads.com>
    • Sender: owner-ips@ece.cmu.edu
    • Thread-Index: AcH17z1F+52kEBh0S66wetfkr6/hUwACGrEw
    • Thread-Topic: iSCSI: DH-CHAP resolution

    Compare with CHAP, is DH-CHAP any better?  If it is, why we don't want to include DH-CHAP but CHAP as an authentication mechanism for iSCSI?
     
    Thanks.
     
     
    Lee
    -----Original Message-----
    From: Elizabeth G. Rodriguez [mailto:Elizabeth.G.Rodriguez@123mail.net]
    Sent: Tuesday, May 07, 2002 1:30 PM
    To: ips@ece.cmu.edu
    Subject: iSCSI: DH-CHAP resolution
    Importance: High

    All,

     

    As mentioned previously, the consensus call for DH-CHAP was very close.  As a result, Allision Mankin requested security expertise be consulted further prior to declaring consensus on the issue.

    The result is that security experts believe that DH-CHAP, while from the reading, DH-CHAP seems to be a worthy solution but, as many have stated both to me and the ADs privately as well as on the mailing list,

    it is unproven.  As such, the decision has been made to NOT include DH-CHAP as an authentication mechanism for iSCSI.

     

    Now, the next question will be how will this effect the mandatory to implement authentication mechanism decision.  The Transport ADs still have significant concerns about IPR issues as they relate to SRP as the mandatory to implement mechanism.  They also feel that (as has been expressed on the mailing list) we do not have concrete requirements listed for the authentication mechanism.  As such, Allison is in the process of calling a meeting between the Security and Transport ADs. This will likely occur some time late this week.

     

    I realize that everyone is anxious to close on this issue.  I assure you it is being worked, and that the delay is related to making sure that iSCSI has the best chance of success, both in the IETF review process as well as the corporate environment.

     

    Thanks,

     

    Elizabeth Rodriguez

    IPS co-chair

     

     



Home

Last updated: Wed May 08 19:18:34 2002
10015 messages in chronological order