
    Re: iSCSI: CHAP sequence



    Hi Ambrish,
    
    1) In iSCSI (and probably PPP) the CHAP_N field is only useful
       for the authenticator (as far as CHAP is concerned),
       so Ofer and I decided to only send it that way.
    
    2) In PPP the CHAP_I field is used to match responses
       with requests, since a PPP PDU can be lost over the
       link and have to be resent.  In iSCSI that
       can't happen, since we use TCP, so Ofer and I decided
       to only send it with the CHAP_C, since it is needed
       to calculate the CHAP_R.
    
    Keep in mind we are only using the protocol part of PPP CHAP,
    and not the PPP specific encoding scheme.
    
    Regards,
    Steve Senum
    
    Ambrish Verma wrote:
    > 
    > Hi Steve,
    >      I understand what you are saying. In that case
    > 
    > 1) CHAP_N also happens to be the separate field, is it not required to
    > be sent by the authenticator to initiator?
    > 
    > 2) If you go to the next statement in which it says like:
    > "
    >    The initiator MUST continue with:
    >       CHAP_N=<N> CHAP_R=<R>
    > "
    > 
    >   I think initiator is also required to return "CHAP_I" so shouldn't it
    > be like :
    > 
    > "
    >    The initiator MUST continue with:
    >       CHAP_N=<N> CHAP_R=<R> CHAP_I=<I>
    > "
    > 
    > Thanks
    > Ambrish
    > 
    > -----Original Message-----
    > From: Steve Senum [mailto:ssenum@cisco.com]
    > Sent: Thursday, July 11, 2002 12:52 PM
    > To: Ambrish Verma; ietf-ips
    > Subject: Re: iSCSI: CHAP sequence
    > 
    > Hi Ambrish,
    > 
    > The CHAP sequence in the iSCSI draft is correct.
    > In RFC 1994, the CHAP_I and CHAP_C are separate
    > fields sent in the same PPP PDU, but they are
    > still separate fields, so in iSCSI Ofer and I
    > decided to send them as separate iSCSI keys.
    > 
    > Regards,
    > Steve Senum
    > 
    > I have a doubt about CHAP sequence explained in draft. Under section
    > 10.5 there is a description like:
    >
    > "
    >    The target MUST answer with a Login reject with the "Authentication
    >    Failure" status or reply with:
    >
    >       CHAP_A=<A> CHAP_I=<I> CHAP_C=<C>
    >
    >    Where A is one of A1,A2... that were proposed by the initiator.
    >
    >    The initiator MUST continue with:
    >
    >       CHAP_N=<N> CHAP_R=<R>
    > "
    >
    > shouldn't it be like:
    >
    > "
    >    The target MUST answer with a Login reject with the "Authentication
    >    Failure" status or reply with:
    >
    >       CHAP_A=<A> CHAP_C=<C>
    >
    >    Where A is one of A1,A2... that were proposed by the initiator.
    >
    >    The initiator MUST continue with:
    >
    >       CHAP_R=<R>
    > "
    >
    > because I think the identifier (CHAP_I) and name (CHAP_N) are already an
    > integrated part of CHAP_C and CHAP_R (the way it is
    > explained in RFC1994).
    >
    > Thanks
    >
    > Ambrish
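
The exchange discussed in this thread, as an added example that is not part of the original messages or of the draft: the target sends CHAP_A, CHAP_I and CHAP_C, and the initiator answers with only CHAP_N and CHAP_R, using CHAP_I as an input to the RFC 1994 hash. It assumes MD5 (algorithm 5 in RFC 1994) and a `0x` hex encoding for binary values; the function names, initiator name and secret are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: hash over the identifier octet, then the secret, then the challenge.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def target_challenge() -> dict:
    # Target's reply: CHAP_A, CHAP_I and CHAP_C travel as separate keys.
    return {"CHAP_A": "5",  # 5 = MD5 in RFC 1994
            "CHAP_I": str(os.urandom(1)[0]),
            "CHAP_C": "0x" + os.urandom(16).hex()}


def initiator_reply(keys: dict, name: str, secret: bytes) -> dict:
    # Initiator needs CHAP_I only as hash input; it returns CHAP_N and CHAP_R.
    challenge = bytes.fromhex(keys["CHAP_C"][2:])
    r = chap_response(int(keys["CHAP_I"]), secret, challenge)
    return {"CHAP_N": name, "CHAP_R": "0x" + r.hex()}


def target_verify(sent: dict, reply: dict, secrets: dict) -> bool:
    # Target selects the secret by CHAP_N and recomputes CHAP_R from the
    # CHAP_I and CHAP_C it issued on this connection.
    secret = secrets.get(reply.get("CHAP_N"))
    if secret is None:
        return False
    try:
        got = bytes.fromhex(reply["CHAP_R"][2:])
    except (KeyError, ValueError):
        return False
    expected = chap_response(int(sent["CHAP_I"]), secret,
                             bytes.fromhex(sent["CHAP_C"][2:]))
    return hmac.compare_digest(expected, got)  # constant-time compare


if __name__ == "__main__":
    name, secret = "initiator.example", b"constructed-secret"  # constructed
    sent = target_challenge()
    reply = initiator_reply(sent, name, secret)
    print(sent, reply, target_verify(sent, reply, {name: secret}))
```

Because the target verifies against the CHAP_I it issued on the same TCP connection, the reply verifies without echoing the identifier, while a different identifier value makes the same CHAP_R fail.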
    



Last updated: Thu Jul 11 18:18:52 2002