RE: iSCSI: DLB's [T.33] 10.5 Challenge Handshake Authentication Protocol (CHAP)

To: rod.harrison@windriver.com, ips@ece.cmu.edu
Subject: RE: iSCSI: DLB's [T.33] 10.5 Challenge Handshake Authentication Protocol (CHAP)
From: Black_David@emc.com
Date: Mon, 8 Jul 2002 10:05:40 -0400
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu

Rod,

> 	A MUST here seems to preclude the initiator not offering CHAP due to
> administrative configuration. In fact the original SHOULD seems a bit
> strong.
> 
> 	I.e. is ...
> 
> 	AuthMethod=none
> 
> 	no longer to be valid?

No, this text has no effect on AuthMethod, it's about the values of the
CHAP_A key.  The text in question refers only to the CHAP algorithms
to be offered *once CHAP is selected*.  AuthMethod=none would still
be valid, as is skipping the security negotiation stage entirely.  As the
current text says, the only CHAP algorithm for which interoperability can
be assured is MD5.

There's a related problem here in that the encoding of the values of the
CHAP_A key are not specified - the quickest way out of this one would
be to have them be numbers and refer to the IANA registry from which the
numbers MUST be taken.

Thanks,
--David
---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 249-6449            FAX: +1 (508) 497-8018
black_david@emc.com       Mobile: +1 (978) 394-7754
---------------------------------------------------

Prev by Date: iSCSI - decimal coded binary strings - a proposed resolution
Next by Date: RE: iSCSI: DLB's [T.37] 11.12 ImmediateData
Prev by thread: Re: iSCSI: DLB's [T.33] 10.5 Challenge Handshake Authentication Protocol (CHAP)
Next by thread: RE: iSCSI: DLB's [T.33] 10.5 Challenge Handshake Authentication Protocol (CHAP)
Index(es):
- Date
- Thread

Home

Last updated: Mon Jul 08 13:18:46 2002
11179 messages in chronological order