FW: Redirection (was UNH Plugfest 5)

[Black_David@emc.com]

Forwarding an off-list note on this topic - a SHOULD is useful
here to express a preference for which redirection mechanism
to use in the presence of authentication.  I prefer the SHOULD
for redirection after authentication because rogue target attacks
are more dangerous to iSCSI than rogue initiator attacks because
the initiator authenticates first when using CHAP.  Redirection
prior to authentication makes it easier to mount a rogue target
attack.

Thanks,
--David

-----Original Message-----
From: Paul Koning [mailto:pkoning@equallogic.com]
Sent: Thursday, January 16, 2003 3:57 PM
To: Black_David@emc.com
Cc: Julian_Satran@il.ibm.com
Subject: RE: Redirection (was UNH Plugfest 5)


>>>>> "Black" == Black David <Black_David@emc.com> writes:

 Black> The most I could see doing here would be: - In the absence of
 Black> explicit administrative action, - If a target is contacted by
 Black> an Initiator requesting SecurityNegotiation, - And the target
 Black> would issue a redirect to that Initiator based on the target
 Black> name the initiator is trying to contact, - Then the target
 Black> SHOULD negotiate security before issuing the redirect.

My preference is to swing the SHOULD in the other direction, because
there is no security issue in doing so.  (In other words, if the
initiator requests  security negotiation and the target replies with a
redirect, the initiator SHOULD accept that redirect as valid without a
full security negotiation.)  But your proposal still serves to
strengthen the spec.

	   paul