Re: UNH Plugfest 5
>>>>> "Julian" == Julian Satran <Julian_Satran@il.ibm.com> writes:
Julian> Paul, Initiators are required to implement authentication but
Julian> may use none. If the administrator insists that
Julian> authentication must be used with redirectors too the same
Julian> administrator will have to take care that the redirectors
Julian> have the required authentication.
Julian> The standard does not have to say anything about it.
Julian> We can't take the position of weakening always the security
Julian> of the redirector nor one of requiring everybody to follow a
Julian> stricter authentication.
Do we want interoperability or don't we? My view of standards is that
they exist for the purpose of producing interoperability.
What you describe creates interop failures. If the initiator wants to
require authentication before redirect, that will fail unless the
target supports that, but there's nothing in the standard requiring
the target to do so. So I have conforming implementations that can't
talk to each other. That's not a good idea.
Why do you say "weakening...the security of the redirector"? I don't
see any security issue in sending the redirect before completing the
authentication. Bob Russell explained that in his original note.
If there were a security problem, I'd be the first to argue for
requiring the authentication to be completed first. But since there
is none, why require it? And if it's not required, why allow for
configurations that break?
paul
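The interoperability argument above (an initiator that insists on completing authentication before accepting a redirect, against a target that sends the redirect first) can be made concrete with a small simulation. The following is an added example, not code from the thread or from any iSCSI implementation: it is a constructed model of the login exchange, not real iSCSI PDUs, and the initiator/target names, the address "10.0.0.2:3260" and the policy flags are assumptions chosen for illustration. It only borrows the iSCSI notions of a SecurityNegotiation stage, a Redirection status class and a TargetAddress key.

```python
"""Toy model of an iSCSI-style login with target redirect.

Constructed example: shows which initiator-policy / target-behaviour
combinations interoperate and which one fails. Not real iSCSI on the wire.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Initiator:
    name: str
    # Policy under debate: refuse a redirect received before authentication completed.
    require_auth_before_redirect: bool


@dataclass
class Target:
    name: str
    redirect_to: Optional[str]    # address to redirect to, or None if this target serves the session
    redirect_before_auth: bool    # does the target redirect before the authentication exchange?


def login(initiator: Initiator, target: Target) -> Tuple[str, List[str]]:
    """Run one login attempt; return (outcome, message transcript).

    Outcomes: "logged-in", "redirected" (initiator will retry at TargetAddress)
    or "interop-failure" (both sides conform to their own reading, yet cannot talk).
    """
    log: List[str] = []
    log.append(f"{initiator.name} -> {target.name}: Login(SecurityNegotiation, AuthMethod=CHAP)")

    # Case 1: target redirects immediately, before any authentication happens.
    if target.redirect_to and target.redirect_before_auth:
        log.append(f"{target.name} -> {initiator.name}: "
                   f"Login-Response(status=Redirection, TargetAddress={target.redirect_to})")
        if initiator.require_auth_before_redirect:
            log.append(f"{initiator.name}: redirect arrived before authentication; policy aborts login")
            return "interop-failure", log
        log.append(f"{initiator.name}: following redirect to {target.redirect_to}")
        return "redirected", log

    # Case 2: the authentication exchange runs to completion first.
    log.append(f"{target.name} -> {initiator.name}: Login-Response(AuthMethod=CHAP)")
    log.append(f"{initiator.name} <-> {target.name}: CHAP challenge/response completes")

    if target.redirect_to:
        # Redirect after authentication satisfies even the strict initiator policy.
        log.append(f"{target.name} -> {initiator.name}: "
                   f"Login-Response(status=Redirection, TargetAddress={target.redirect_to})")
        log.append(f"{initiator.name}: following redirect to {target.redirect_to}")
        return "redirected", log

    log.append(f"{target.name} -> {initiator.name}: Login-Response(status=Success); full feature phase")
    return "logged-in", log


def interop_matrix(redirect_address: str = "10.0.0.2:3260") -> dict:
    """Outcome for every (initiator requires auth first, target redirects first) combination."""
    results = {}
    for requires_auth_first in (False, True):
        for redirects_first in (False, True):
            ini = Initiator("initiator", requires_auth_first)
            tgt = Target("redirector", redirect_address, redirects_first)   # constructed address
            results[(requires_auth_first, redirects_first)] = login(ini, tgt)[0]
    return results


if __name__ == "__main__":
    for (req, first), outcome in interop_matrix().items():
        print(f"initiator requires auth before redirect={req!s:5}  "
              f"target redirects before auth={first!s:5}  ->  {outcome}")
    print()
    for line in login(Initiator("initiator", True), Target("redirector", "10.0.0.2:3260", True))[1]:
        print(" ", line)
```

Only one of the four cells fails, and it is exactly the one the message describes: a strict initiator meeting a target that redirects before authenticating. A target that never redirects logs in either way, which is why the thread treats the question as one of interoperability rather than of per-implementation choice.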
Last updated: Wed Jan 15 15:19:00 2003