|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: iSCSI: DLB's [T.33] 10.5 Challenge Handshake Authentication Protocol (CHAP)Rod, > A MUST here seems to preclude the initiator not offering CHAP due to > administrative configuration. In fact the original SHOULD seems a bit > strong. > > I.e. is ... > > AuthMethod=none > > no longer to be valid? No, this text has no effect on AuthMethod, it's about the values of the CHAP_A key. The text in question refers only to the CHAP algorithms to be offered *once CHAP is selected*. AuthMethod=none would still be valid, as is skipping the security negotiation stage entirely. As the current text says, the only CHAP algorithm for which interoperability can be assured is MD5. There's a related problem here in that the encoding of the values of the CHAP_A key are not specified - the quickest way out of this one would be to have them be numbers and refer to the IANA registry from which the numbers MUST be taken. Thanks, --David --------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 42 South St., Hopkinton, MA 01748 +1 (508) 249-6449 FAX: +1 (508) 497-8018 black_david@emc.com Mobile: +1 (978) 394-7754 ---------------------------------------------------
Home Last updated: Mon Jul 08 13:18:46 2002 11179 messages in chronological order |