RE: iSCSI: CHAP sequence

To: "'Steve Senum'" <ssenum@cisco.com>, "'ietf-ips'" <ips@ece.cmu.edu>
Subject: RE: iSCSI: CHAP sequence
From: "Ambrish Verma" <averma@marantinetworks.com>
Date: Thu, 11 Jul 2002 14:30:34 -0700
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;charset="us-ascii"
Importance: Normal
In-Reply-To: <3D2DEB6E.62FB3CE0@cisco.com>
Sender: owner-ips@ece.cmu.edu

yes now it makes perfect sense...

Thanks a lot
Ambrish

-----Original Message-----
From: Steve Senum [mailto:ssenum@cisco.com] 
Sent: Thursday, July 11, 2002 1:33 PM
To: Ambrish Verma; ietf-ips
Subject: Re: iSCSI: CHAP sequence

Hi Ambrish,

1) In iSCSI (and probably PPP) the CHAP_N field is only useful
   for the authenticator (as far as CHAP is concerned),
   so Ofer and I decided to only send it that way.

2) In PPP the CHAP_I field is used to match responses
   with requests, since a PPP PDU can be lost over the
   link and have to be resent.  In iSCSI that
   can't happen, since we use TCP, so Ofer and I decided
   to only send it with the CHAP_C, since it is needed
   to calculate the CHAP_R.

Keep in mind we are only using the protocol part of PPP CHAP,
and not the PPP specific encoding scheme.

Regards,
Steve Senum

Ambrish Verma wrote:
> 
> Hi Steve,
>      I understand what you are saying, In that case
> 
> 1) CHAP_N also happens to be the separate field, is it not required to
> be sent by the authenticator to initiator?
> 
> 2) If you go to the next statement in which it says like:
> "
>    The initiator MUST continue with:
>       CHAP_N=<N> CHAP_R=<R>
> "
> 
>   I think initiator is also required to return "CHAP_I" so shouldn't
it
> be like :
> 
> "
>    The initiator MUST continue with:
>       CHAP_N=<N> CHAP_R=<R> CHAP_I=<I>
> "
> 
> Thanks
> Ambrish
> 
> -----Original Message-----
> From: Steve Senum [mailto:ssenum@cisco.com]
> Sent: Thursday, July 11, 2002 12:52 PM
> To: Ambrish Verma; ietf-ips
> Subject: Re: iSCSI: CHAP sequence
> 
> Hi Ambrish,
> 
> The CHAP sequence in the iSCSI draft is correct.
> In RFC 1994, the CHAP_I and CHAP_C are seperate
> fields sent in the same PPP PDU, but they are
> still seperate fields, so in iSCSI Ofer and I
> decided to send them as seperate iSCSI keys.
> 
> Regards,
> Steve Senum
> 
> I have a doubt about CHAP sequence explained in draft. Under section
> 10.5 there
> is a description like :
> 
> "
> 
>    The target MUST answer with a Login reject with the "Authentication
> 
>    Failure" status or reply with:
> 
> 
> 
>       CHAP_A=<A> CHAP_I=<I> CHAP_C=<C>
> 
> 
> 
>    Where A is one of A1,A2... that were proposed by the initiator.
> 
> 
> 
>    The initiator MUST continue with:
> 
> 
> 
>       CHAP_N=<N> CHAP_R=<R>
> 
>  "
> 
> 
> 
> 
> 
> shouldn't it be like:
> 
> 
> 
> "
> 
>    The target MUST answer with a Login reject with the "Authentication
> 
>    Failure" status or reply with:
> 
> 
> 
>       CHAP_A=<A> CHAP_C=<C>
> 
> 
> 
>    Where A is one of A1,A2... that were proposed by the initiator.
> 
> 
> 
>    The initiator MUST continue with:
> 
> 
> 
>       CHAP_R=<R>
> 
> "
> 
> 
> 
> because I think the identifier (CHAP_I) and name CHAP_N) are already
an
> integrated part of CHAP_C and CHAP_R (the way it is
> explained in RFC1994).
> 
> 
> 
> 
> 
> 
> 
> Thanks
> 
> Ambrish

References:
- Re: iSCSI: CHAP sequence
  - From: Steve Senum <ssenum@cisco.com>

Prev by Date: RE: iSCSI: DLB [T.31] ErrorRecoveryLevel 0.5
Next by Date: RE: iSCSI: need for new data SNACK code?
Prev by thread: Re: iSCSI: CHAP sequence
Next by thread: Re: iSCSI: DLB [T.31]
Index(es):
- Date
- Thread

Home

Last updated: Sun Jul 14 04:19:06 2002
11314 messages in chronological order