SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSCSI extension algorithms (was no subject)




    please have a look at the text on my site (it is out there for a while). It says it all. Julo


    Bill Studenmund <wrstuden@wasabisystems.com>
    Sent by: owner-ips@ece.cmu.edu

    15/01/03 00:23

    To
    Julian Satran <satran@haifasphere.co.il>
    cc
    <Black_David@emc.com>, <ips@ece.cmu.edu>
    Subject
    RE: iSCSI extension algorithms (was no subject)





    On Sat, 11 Jan 2003, Julian Satran wrote:

    > David,
    >
    > What I wanted to convey is not a default action but an "ability to
    > configure" because I thing that this is what we are after. If the
    > administrator is not forced in configuring it with only the new
    > auth-method then we are fine.
    > I will try again tomorrow (too late in the weekend today :-)).

    Julian,

    I think you and I are in agreement on this. If I may suggest one way
    around the difficulty is to not use the word "offer", since there are
    really two different steps where an offer is made. Or to figure out some
    way to differentiate the two different cases.

    One "offering" is what the initiator offers to the target, or what a
    target is configured to accept. I personally believe that this offering is
    100% under the control of the administrator, and we should leave it that
    way. If an administrator chooses to only use method X, so be it. She or he
    may well loose, but choices have consequences.

    Put another way, the above "offering" is 100% the domain of administrative
    policy. An initiator or target should "offer" what the administrator
    configured.

    The other "offering," which is the one the IESG really cares about, is the
    one where the administrator goes to configure what security the initiator
    will offer or the target will accept. My belief is that at THIS step we
    want all implementations to offer the administrator the option to use CHAP
    as described in the spec. Also, it is my understanding of the MUST
    surounding CHAP that if you don't offer CHAP at this point (as an option
    for the administrator), you aren't living up to the RFC.

    By differentiating the two cases, we get what we and the IESG wants, and
    we have something that is easy and clear to implement.

    Take care,

    Bill




Home

Last updated: Wed Jan 15 15:19:00 2003
12182 messages in chronological order