
    RE: Regarding CSG and NSG



    On Thu, 25 Jul 2002, BURBRIDGE,MATTHEW (HP-UnitedKingdom,ex2) wrote:
    
    > Sajjan,
    >
    > It depends whether the initiator has its T bit set.  If T=0 then the
    > initiator is saying that it is in security phase and is not yet ready to move
    > to the next phase (NSG=ignore: if T=0, NSG is reserved). This implies that
    > it does want to negotiate security (i.e. authentication).  If T=1, it says
    > that it has no more security to negotiate and is ready to move to
    > operational phase (as NSG=1) when the target says it's ready.  In the latter
    > of these two options (T=1,CSG=0,NSG=1) then the initiator is giving the
    > target a chance to start authentication.
    >
    > Alternatively, if the initiator does not want to negotiate security it can
    > set CSG=1 in the initial login.  This removes one message exchange if the
    > target does not want to negotiate security but runs the risk of receiving a
    > login failure if the target does want to negotiate security. If it wants to
    > negotiate parameters then: T=0,CSG=1,NSG=reserved.  If it does not want to
    > negotiate text parameters then T=1, CSG=1, NSG=3.
    
    ?? If the initiator has a simple set of text parameters to negotiate (it
    has keys to offer and it offers them all at once; no keys that it waits
    for other keys on) it can offer all its keys and T=1, CSG=1, NSG=3. The
    negotiation can then close in one round trip with all keys negotiated.
    
    > In your example I am presuming that T=1 in 1). which is fine. Initiator is
    > giving the target the opportunity to negotiate security but does not wish to
    > start it itself.  In 2), the T bit MUST be 0 as it can not be the final
    > login response.  The target is informing the initiator that it is happy to
    > enter operational phase (CSG=1).  As the T bit must be 0 in 2) NSG =
    > reserved.
    >
    >     1) Suppose the initiator sets T=1, CSG = 0 and NSG = 1  in login
    > request, and says requires no authentication.
    >
    >     2) Can the target set the CSG = 1 and NSG = full feature phase, in its
    > login response?  NO
    >
    >     It should be
    >
    >     2) Can the target set the T=0, CSG = 1 and NSG = reserved, in its login
    > response?
    
    Uhm, I think that one's wrong too. The target is supposed to return CSG ==
    the CSG in the login request. So if the initiator had CSG=0 (line 1), then
    the target can't say CSG=1.
    
    Take care,
    
    Bill
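
The flag rules discussed in this thread, as an added example that is not part of the original message or of any iSCSI implementation: a strict checker for the T/CSG/NSG bits of a login request/response pair. The bit positions are an assumption taken from the RFC 3720 layout of byte 1, and the flag bytes used with it are constructed samples.

```python
from dataclasses import dataclass

# Assumed layout of byte 1 of a Login Request/Response (RFC 3720):
# T = 0x80, CSG = bits 3-2, NSG = bits 1-0. The thread only names the fields.
T_BIT = 0x80
STAGES = {0: "SecurityNegotiation",
          1: "LoginOperationalNegotiation",
          3: "FullFeaturePhase"}


@dataclass(frozen=True)
class LoginFlags:
    t: bool
    csg: int
    nsg: int


def decode(flags_byte):
    """Split the flags byte into T, CSG and NSG."""
    return LoginFlags(bool(flags_byte & T_BIT),
                      (flags_byte >> 2) & 0x3,
                      flags_byte & 0x3)


def check_pdu(f):
    """Return a list of problems with one PDU's flags (empty list = consistent)."""
    problems = []
    if f.csg not in (0, 1):
        problems.append(f"CSG={f.csg} is not a login stage")
    if f.t:
        # T=1 announces a transition, so NSG must name a later stage.
        if f.nsg not in STAGES or f.nsg <= f.csg:
            problems.append(f"T=1 but NSG={f.nsg} is not a stage after CSG={f.csg}")
    elif f.nsg != 0:
        # Strict reading: with T=0 the NSG field is reserved and sent as 0.
        problems.append(f"T=0 so NSG is reserved, but NSG={f.nsg}")
    return problems


def check_response(req, rsp):
    """Check a login response against the request it answers."""
    problems = check_pdu(rsp)
    # Rule stated in the reply above: the target echoes the request's CSG.
    if rsp.csg != req.csg:
        problems.append(f"response CSG={rsp.csg} differs from request CSG={req.csg}")
    return problems
```

With a request of `0x81` (T=1, CSG=0, NSG=1), a response of `0x04` (T=0, CSG=1) or `0x87` (T=1, CSG=1, NSG=3) is flagged for the CSG mismatch, while `0x81` passes.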
    
    



Last updated: Tue Jul 30 10:39:08 2002