RE: iSCSI: CHAP sequence

yes now it makes perfect sense...

Thanks a lot
Ambrish

-----Original Message-----
From: Steve Senum [mailto:ssenum@cisco.com]
Sent: Thursday, July 11, 2002 1:33 PM
To: Ambrish Verma; ietf-ips
Subject: Re: iSCSI: CHAP sequence

Hi Ambrish,

1) In iSCSI (and probably PPP) the CHAP_N field is only useful
for the authenticator (as far as CHAP is concerned), so
Ofer and I decided to only send it that way.

2) In PPP the CHAP_I field is used to match responses with
requests, since a PPP PDU can be lost over the link and have
to be resent. In iSCSI that can't happen, since we use TCP,
so Ofer and I decided to only send it with the CHAP_C,
since it is needed to calculate the CHAP_R.

Keep in mind we are only using the protocol part of PPP CHAP,
and not the PPP specific encoding scheme.

Regards,
Steve Senum

Ambrish Verma wrote:
>
> Hi Steve,
> I understand what you are saying. In that case
>
> 1) CHAP_N also happens to be the separate field, is it not required to
> be sent by the authenticator to initiator?
>
> 2) If you go to the next statement in which it says like:
> "
> The initiator MUST continue with:
> CHAP_N=<N> CHAP_R=<R>
> "
>
> I think initiator is also required to return "CHAP_I" so shouldn't it
> be like :
>
> "
> The initiator MUST continue with:
> CHAP_N=<N> CHAP_R=<R> CHAP_I=<I>
> "
>
> Thanks
> Ambrish
>
> -----Original Message-----
> From: Steve Senum [mailto:ssenum@cisco.com]
> Sent: Thursday, July 11, 2002 12:52 PM
> To: Ambrish Verma; ietf-ips
> Subject: Re: iSCSI: CHAP sequence
>
> Hi Ambrish,
>
> The CHAP sequence in the iSCSI draft is correct.
> In RFC 1994, the CHAP_I and CHAP_C are separate
> fields sent in the same PPP PDU, but they are
> still separate fields, so in iSCSI Ofer and I
> decided to send them as separate iSCSI keys.
>
> Regards,
> Steve Senum
>
> I have a doubt about CHAP sequence explained in draft. Under section
> 10.5 there
> is a description like :
>
> "
> > The target MUST answer with a Login reject with the "Authentication
> > Failure" status or reply with:
> >
> > CHAP_A=<A> CHAP_I=<I> CHAP_C=<C>
> >
> > Where A is one of A1,A2... that were proposed by the initiator.
> >
> > The initiator MUST continue with:
> >
> > CHAP_N=<N> CHAP_R=<R>
> > "
> >
> >
> > shouldn't it be like:
> >
> > "
> > The target MUST answer with a Login reject with the "Authentication
> > Failure" status or reply with:
> >
> > CHAP_A=<A> CHAP_C=<C>
> >
> > Where A is one of A1,A2... that were proposed by the initiator.
> >
> > The initiator MUST continue with:
> >
> > CHAP_R=<R>
> > "
> >
> > because I think the identifier (CHAP_I) and name (CHAP_N) are already an
> integrated part of CHAP_C and CHAP_R (the way it is
> explained in RFC1994).
> >
> >
> >
> > Thanks
> > Ambrish
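
The exchange discussed in this thread, as an added example that is not part of the original messages or of the iSCSI draft: the target sends CHAP_A, CHAP_I and CHAP_C, the initiator answers with only CHAP_N and CHAP_R, and the target recomputes R from the identifier it issued. The MD5 calculation follows RFC 1994; the secret, the initiator name and the text encoding of values (CHAP_A=5, decimal CHAP_I, 0x-prefixed hex) are assumptions for illustration.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response: MD5 over identifier octet || secret || challenge."""
    if not 0 <= ident <= 255:
        raise ValueError("CHAP identifier is a single octet")
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def target_challenge(ident: int, challenge: bytes) -> dict:
    """Keys the target replies with: algorithm, identifier, challenge."""
    return {"CHAP_A": "5", "CHAP_I": str(ident), "CHAP_C": "0x" + challenge.hex()}

def initiator_reply(keys: dict, name: str, secret: bytes) -> dict:
    """Keys the initiator continues with: CHAP_N and CHAP_R only, no CHAP_I echo."""
    if keys["CHAP_A"] != "5":
        raise ValueError("only MD5 (5) is handled in this example")
    ident = int(keys["CHAP_I"])          # needed as input to R, not sent back
    challenge = bytes.fromhex(keys["CHAP_C"][2:])
    return {"CHAP_N": name, "CHAP_R": "0x" + chap_response(ident, secret, challenge).hex()}

def target_verify(sent: dict, reply: dict, secrets: dict) -> bool:
    """Look up the secret by CHAP_N, recompute R from the target's own I and C."""
    secret = secrets.get(reply["CHAP_N"])
    if secret is None:
        return False
    expected = chap_response(int(sent["CHAP_I"]), secret,
                             bytes.fromhex(sent["CHAP_C"][2:]))
    return hmac.compare_digest(expected, bytes.fromhex(reply["CHAP_R"][2:]))

if __name__ == "__main__":
    secrets = {"initiator-a": b"constructed-secret"}   # constructed sample data
    sent = target_challenge(os.urandom(1)[0], os.urandom(16))
    reply = initiator_reply(sent, "initiator-a", secrets["initiator-a"])
    print("target    ->", sent)
    print("initiator ->", reply)
    print("verified  :", target_verify(sent, reply, secrets))
```

Because the login runs over TCP, the target already holds the CHAP_I it issued, which is why verification succeeds without the initiator echoing it.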