
    RE: Regarding CSG and NSG



    
    Bill,
         If the Initiator says no authentication, then the target has to decide
    whether it wants to authenticate or not. So if the target wants to forego
    security, it has to send the CSG = CSG sent by initiator and NSG = NSG sent
    by the initiator and set T = 1. 
    Am I right?? 
    
    The initiator would then send one more login request with probably some
    more parameters and move into Full feature phase.
    
    Thanx,
    Sajjan
    
    -----Original Message-----
    From: Bill Studenmund [mailto:wrstuden@wasabisystems.com] 
    Sent: Friday, July 26, 2002 9:53 PM
    To: BURBRIDGE,MATTHEW (HP-UnitedKingdom,ex2)
    Cc: 'Rao, Sajjan'; ips@ece.cmu.edu
    Subject: RE: Regarding CSG and NSG
    
    On Thu, 25 Jul 2002, BURBRIDGE,MATTHEW (HP-UnitedKingdom,ex2) wrote:
    
    > Sajjan,
    >
    > It depends whether the initiator has its T bit set.  If T=0 then the
    > initiator is saying that it is in security phase and is not yet ready to
    > move to the next phase (NSG=ignore: if T=0, NSG is reserved). This implies
    > that it does want to negotiate security (i.e. authentication).  If T=1, it
    > says that it has no more security to negotiate and is ready to move to
    > operational phase (as NSG=1) when the target says it's ready.  In the
    > latter of these two options (T=1,CSG=0,NSG=1) then the initiator is giving
    > the target a chance to start authentication.
    >
    > Alternatively, if the initiator does not want to negotiate security it can
    > set CSG=1 in the initial login.  This removes one message exchange if the
    > target does not want to negotiate security but runs the risk of receiving
    > a login failure if the target does want to negotiate security. If it wants
    > to negotiate parameters then: T=0,CSG=1,NSG=reserved.  If it does not want
    > to negotiate text parameters then T=1, CSG=1, NSG=3.
    
    ?? If the initiator has a simple set of text parameters to negotiate (it
    has keys to offer and it offers them all at once; no keys that it waits
    for other keys on) it can offer all its keys and T=1, CSG=1, NSG=3. The
    negotiation can then close in one round trip with all keys negotiated.
    
    > In your example I am presuming that T=1 in 1). which is fine. Initiator is
    > giving the target the opportunity to negotiate security but does not wish
    > to start it itself.  In 2), the T bit MUST be 0 as it can not be the final
    > login response.  The target is informing the initiator that it is happy to
    > enter operational phase (CSG=1).  As the T bit must be 0 in 2) NSG =
    > reserved.
    >
    >     1) Suppose the initiator sets T=1, CSG = 0 and NSG = 1  in login
    > request, and says requires no authentication.
    >
    >     2) Can the target set the CSG = 1 and NSG = full feature phase, in its
    > login response?  NO
    >
    >     It should be
    >
    >     2) Can the target set the T=0, CSG = 1 and NSG = reserved, in its
    > login response?
    
    Uhm, I think that one's wrong too. The target is supposed to return CSG ==
    the CSG in the login request. So if the initiator had CSG=0 (line 1), then
    the target can't say CSG=1.
    
    Take care,
    
    Bill
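
An added example, not part of the original messages: a small Python check that decodes the T/CSG/NSG flags of a Login Request and Login Response and reports the inconsistencies discussed in this thread. The bit positions and the list of allowed stage transitions are assumptions taken from the published iSCSI specification (RFC 3720); the function names and sample flag bytes are constructed for illustration.

```python
# Added example. Flags byte layout assumed from RFC 3720:
#   bit 7 = T (transit), bits 3-2 = CSG, bits 1-0 = NSG.
T_BIT = 0x80
STAGES = {0: "SecurityNegotiation",
          1: "LoginOperationalNegotiation",
          3: "FullFeaturePhase"}


def decode_flags(b):
    """Return (T, CSG, NSG). NSG is None when T=0, because it is reserved."""
    t = bool(b & T_BIT)
    csg = (b >> 2) & 0x3
    nsg = (b & 0x3) if t else None
    return t, csg, nsg


def check_response(req_flags, rsp_flags):
    """List the problems in a Login Response, given the request's flags."""
    req_t, req_csg, _ = decode_flags(req_flags)
    rsp_t, rsp_csg, rsp_nsg = decode_flags(rsp_flags)
    problems = []
    # The response must stay in the stage the request named.
    if rsp_csg != req_csg:
        problems.append(f"CSG {rsp_csg} does not echo request CSG {req_csg}")
    # A target cannot end a stage the initiator has not offered to leave.
    if rsp_t and not req_t:
        problems.append("target set T=1 but initiator sent T=0")
    # Allowed transitions (assumed from RFC 3720): 0->1, 0->3, 1->3.
    if rsp_t and (rsp_nsg not in STAGES or rsp_nsg <= rsp_csg):
        problems.append(f"NSG {rsp_nsg} is not a stage after CSG {rsp_csg}")
    return problems


if __name__ == "__main__":
    # Constructed samples: request is T=1, CSG=0, NSG=1 (flags 0x81).
    samples = {
        "echo T=1,CSG=0,NSG=1": 0x81,
        "T=0,CSG=1": 0x04,
        "T=1,CSG=1,NSG=3": 0x87,
    }
    for name, rsp in samples.items():
        print(name, "->", check_response(0x81, rsp) or "ok")
```

An initiator that requires authentication can treat any reported problem as a reason to fail the login rather than follow the target into a later stage.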
    


Last updated: Tue Jul 30 10:39:08 2002