All,
As mentioned previously, the consensus call for DH-CHAP was very close. As a result, Allison Mankin requested security expertise be consulted further prior to declaring consensus on the issue.
The result is that security experts believe that, while from the reading DH-CHAP seems to be a worthy solution, it is, as many have stated both to me and the ADs privately as well as on the mailing list, unproven. As such, the decision has been made to NOT include DH-CHAP as an authentication mechanism for iSCSI.
Now, the next question will be how this will affect the mandatory-to-implement authentication mechanism decision. The Transport ADs still have significant concerns about IPR issues as they relate to SRP as the mandatory-to-implement mechanism. They also feel that (as has been expressed on the mailing list) we do not have concrete requirements listed for the authentication mechanism. As such, Allison is in the process of calling a meeting between the Security and Transport ADs. This will likely occur some time late this week.
I realize that everyone is anxious to close on this issue. I assure you it is being worked, and that the delay is related to making sure that iSCSI has the best chance of success, both in the IETF review process as well as the corporate environment.
Thanks,
Elizabeth Rodriguez
IPS co-chair