FW: Redirection (was UNH Plugfest 5)

Forwarding an off-list note on this topic - a SHOULD is useful here to
express a preference for which redirection mechanism to use in the
presence of authentication.

I prefer the SHOULD for redirection after authentication because rogue
target attacks are more dangerous to iSCSI than rogue initiator attacks
because the initiator authenticates first when using CHAP. Redirection
prior to authentication makes it easier to mount a rogue target attack.

Thanks,
--David

-----Original Message-----
From: Paul Koning [mailto:pkoning@equallogic.com]
Sent: Thursday, January 16, 2003 3:57 PM
To: Black_David@emc.com
Cc: Julian_Satran@il.ibm.com
Subject: RE: Redirection (was UNH Plugfest 5)

>>>>> "Black" == Black David <Black_David@emc.com> writes:

Black> The most I could see doing here would be:
Black> - In the absence of explicit administrative action,
Black> - If a target is contacted by an Initiator requesting
Black>   SecurityNegotiation,
Black> - And the target would issue a redirect to that Initiator based
Black>   on the target name the initiator is trying to contact,
Black> - Then the target SHOULD negotiate security before issuing the
Black>   redirect.

My preference is to swing the SHOULD in the other direction, because
there is no security issue in doing so. (In other words, if the
initiator requests security negotiation and the target replies with a
redirect, the initiator SHOULD accept that redirect as valid without a
full security negotiation.)

But your proposal still serves to strengthen the spec.

    paul
Last updated: Fri Jan 17 06:19:01 2003