RE: iSCSI: CHAP sequence

["Ambrish Verma" <averma@marantinetworks.com>]

Hi Steve,
     I understand what you are saying, In that case 

1) CHAP_N also happens to be the separate field, is it not required to
be sent by the authenticator to initiator?

2) If you go to the next statement in which it says like:
"
   The initiator MUST continue with:
      CHAP_N=<N> CHAP_R=<R>
"

  I think initiator is also required to return "CHAP_I" so shouldn't it
be like :

"
   The initiator MUST continue with:
      CHAP_N=<N> CHAP_R=<R> CHAP_I=<I>
"



Thanks
Ambrish



-----Original Message-----
From: Steve Senum [mailto:ssenum@cisco.com] 
Sent: Thursday, July 11, 2002 12:52 PM
To: Ambrish Verma; ietf-ips
Subject: Re: iSCSI: CHAP sequence

Hi Ambrish,

The CHAP sequence in the iSCSI draft is correct.
In RFC 1994, the CHAP_I and CHAP_C are seperate
fields sent in the same PPP PDU, but they are
still seperate fields, so in iSCSI Ofer and I
decided to send them as seperate iSCSI keys.

Regards,
Steve Senum


I have a doubt about CHAP sequence explained in draft. Under section
10.5 there
is a description like :

"

   The target MUST answer with a Login reject with the "Authentication 

   Failure" status or reply with:

 

      CHAP_A=<A> CHAP_I=<I> CHAP_C=<C>

 

   Where A is one of A1,A2... that were proposed by the initiator.

 

   The initiator MUST continue with:

 

      CHAP_N=<N> CHAP_R=<R>

 "

 

 

shouldn't it be like:

 

"

   The target MUST answer with a Login reject with the "Authentication 

   Failure" status or reply with:

 

      CHAP_A=<A> CHAP_C=<C>

 

   Where A is one of A1,A2... that were proposed by the initiator.

 

   The initiator MUST continue with:

 

      CHAP_R=<R>

"

 

because I think the identifier (CHAP_I) and name CHAP_N) are already an
integrated part of CHAP_C and CHAP_R (the way it is
explained in RFC1994).

 

 

 

Thanks

Ambrish