RE: iSCSI Inband authentication (SRP/CHAP) - proposed resolution

Responding to Paul Koning's concerns:

[Paul Koning 1]: 96 bits of entropy requirement is not testable, and should be removed for that reason, ditto the dependence of the "MUST use ESP" and related requirements on this level of entropy.

In practice, many cryptographic protocols depend on high entropy; both IKE and SRP almost certainly break in some ways if their nonces aren't random. I agree that there's no good way to test the entropy of a generator of randomness, but I believe we need some way to discriminate between weak and strong CHAP secrets in the requirements language, as the alternatives to not doing this may include "SHOULD use" or "MUST use" ESP encryption with CHAP in all cases, which I suspect folks will find far less palatable. Also, we have this issue elsewhere in that inadequate entropy in their nonces almost certainly breaks IKE, SRP, and Kerberos in various ways.

[Paul Koning 2]: A "MUST use" for ESP with weak CHAP secrets should be avoided.

Part of the motivation for this is definitely to provide an incentive to use strong secrets with CHAP. Given that the "MUST use" applies only when a SHOULD is ignored, I don't think it's that objectionable, and there was an example of a similar "MUST use" involving SIP mentioned on the call whose details I don't have to hand. In essence, the position being taken here is that CHAP with a weak secret (e.g., password) is sufficiently weak that one shouldn't fool oneself into thinking that it provides any real protection unless something else (ESP encryption) is done. That would be a fair topic for discussion.

Thanks,
--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA 01748
+1 (508) 249-6449 *NEW* FAX: +1 (508) 497-8500
black_david@emc.com Cell: +1 (978) 394-7754
---------------------------------------------------