Re: iSCSI: TargetAuth

To: "Lakshmi Ramasubramanian" <nramas@windows.microsoft.com>
Subject: Re: iSCSI: TargetAuth
From: "Ofer Biran" <BIRAN@il.ibm.com>
Date: Thu, 20 Jun 2002 10:31:50 +0300
Cc: <ips@ece.cmu.edu>
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=iso-8859-1
Importance: Normal
Sender: owner-ips@ece.cmu.edu


lakshmi,

In all authentication methods, initiator authentication is
mandatory, and target authentication is dictated by the
initiator (they are both mandatory to implement of course).

In SRP, the initiator dictates it by the TargetAuth
key. In CHAP, by sending the CHAP_I, CHAP_C keys in
the right step (see 10.5). In Kerberos and SPKM it is
by setting a mutual field in the initiator token (see
10.2, 10.3).

  Regards,
     Ofer



Ofer Biran
Storage and Systems Technology
IBM Research Lab in Haifa
biran@il.ibm.com  972-4-8296253


"Lakshmi Ramasubramanian" <nramas@windows.microsoft.com>@ece.cmu.edu on
20/06/2002 02:52:22

Please respond to "Lakshmi Ramasubramanian" <nramas@windows.microsoft.com>

Sent by:    owner-ips@ece.cmu.edu


To:    <ips@ece.cmu.edu>
cc:
Subject:    iSCSI: TargetAuth




In the Login phase examples given, the key TargetAuth  is used
ONLY with SRP. Does this mean that target  authentication needs
to be negotiated only for SRP? If so, what is the  default
behaviour for other authentication methods? Is there  any way
to negotiate this?

It'll be good to have both sides authenticate each  other (by default)
for all authentication methods.

thanks!
 -lakshmi

Prev by Date: RE: iSCSI: Negotiating a parameter more than once
Next by Date: RE: Question regarding SNACK and bidi transfers
Prev by thread: iSCSI: TargetAuth
Next by thread: iSCSI - forcing no data
Index(es):
- Date
- Thread

Home

Last updated: Thu Jun 20 07:18:52 2002
10907 messages in chronological order