Re: UNH Plugfest 5

To: Paul Koning <pkoning@equallogic.com>
Subject: Re: UNH Plugfest 5
From: Bill Studenmund <wrstuden@wasabisystems.com>
Date: Wed, 15 Jan 2003 12:06:05 -0800 (PST)
Cc: <Julian_Satran@il.ibm.com>, <ips@ece.cmu.edu>
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <15909.34800.713734.598461@pkoning.dev.equallogic.com>
Sender: owner-ips@ece.cmu.edu

On Wed, 15 Jan 2003, Paul Koning wrote:

> >>>>> "Julian" == Julian Satran <Julian_Satran@il.ibm.com> writes:
>
>  Julian> Paul, Initiators are required to implement authentication but
>  Julian> may use none. If the administrator insists that
>  Julian> authentication must be used with redirectors too the same
>  Julian> administrator will have to take care that the redirectors
>  Julian> have the required authentication.
>
>  Julian> The standard does not have to say anything about it..
>
>  Julian> We can't take the position of weakening always the security
>  Julian> of the redirector nor one of requiring everybody to follow a
>  Julian> stricter authetication.
>
> Do we want interoperability or don't we?  My view of standards is that
> they exist for the purpose of producing interoperability.

I think Julian's other note is correct; if an administrator chooses to
configure devices so they won't interoperate, that's his or her fault, not
ours.

> What you describe creates interop failures.  If the initiator wants to
> require authentication before redirect, that will fail unless the
> target supports that, but there's nothing in the standard requiring
> the target to do so.  So I have conforming implementations that can't
> talk to each other.  That's not a good idea.

I think one resolution would be to note that there are two different
styles of redirect, secured or immediate. Then, in the guide-to-
implementers, note that a target redirecter should (lower case should) be
configurable to do either.

> Why do you say "weakening...the security of the redirector"?  I don't
> see any security issue in sending the redirect before completing the
> authentication.  Bob Russell explained that in his original note.

While I think the redirect before completing security is fine, I can
imagine that some administrators won't like it, so I think we should
(conceptually) support both.

> If there were a security problem, I'd be the first to argue for
> requiring the authentication to be completed first.  But since there
> is none, why require it?  And if it's not required, why allow for
> configurations that break?
>
>        paul
>

References:
- Re: UNH Plugfest 5
  - From: Paul Koning <pkoning@equallogic.com>

Prev by Date: RE: iSCSI extension algorithms (was no subject)
Next by Date: Re: UNH Plugfest 5
Prev by thread: Re: UNH Plugfest 5
Next by thread: Re: UNH Plugfest 5
Index(es):
- Date
- Thread

Home

Last updated: Wed Jan 15 21:19:14 2003
12183 messages in chronological order