RE: iSCSI: SRP groups in Security-14 strawman

[Black_David@emc.com]

Ofer,

> Sounds reasonable. Two comments:
> 
> 1. Is there no delay concern in introducing new IANA requirements at
>    this late stage in the iSCSI standard ?

Shouldn't be a problem - IANA doesn't get involved in the process until
after the IESG has approved an Internet-Draft for publication as an RFC,
and we have other IANA requirements going in as a result of vendor-specific
keys and key values discussed in Yokohama.  We do have to get the IANA
text into reasonably good shape, as the IESG will ding us otherwise.
 
> 2. >Target MUST offer SRP-2048 as one of the possible values of
>    >SRP_GROUP and SHOULD offer all supported groups that are
>    >allowed by local security policy.
> 
>    "and SHOULD offer all supported groups..." - this sentence seems to
>    me unnecessary. "MUST offer SRP-2048" is OK - it means that the
>    implementation's administration interface will not enable settings
>    that precludes offering SRP-2048. However, I'd expect the
implementation
>    to anyway offer other choices exactly according to the policy settings
>    (unless it's bugged...).

Ok.

Thanks,
--David
---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 249-6449            FAX: +1 (508) 497-8018
black_david@emc.com       Mobile: +1 (978) 394-7754
---------------------------------------------------