
    RE: FW: Redirection (was UNH Plugfest 5)



    I certainly don't want to forbid redirection w/o authentication.
    "SHOULD be accepted during authentication" is ok, although we
    should point out that there may be valid security concerns that
    lead an administrator to do otherwise.
     
    Thanks,
    --David
     
     -----Original Message-----
    From: Julian Satran [mailto:Julian_Satran@il.ibm.com]
    Sent: Friday, January 17, 2003 5:55 AM
    To: Black_David@emc.com
    Cc: ips@ece.cmu.edu; owner-ips@ece.cmu.edu
    Subject: Re: FW: Redirection (was UNH Plugfest 5)


    David,

    The only way to do it cleanly the way you want it is to allow the redirect
    response (0101 and 0102) only in the operational parameter stage.
    But that seems rather excessive. If we want to mandate a single way of
    handling, I would suggest stating that 0101 and 0102 SHOULD be accepted
    even during authentication (Paul's POV). Again, I don't think it adds
    anything, as local policy may prevent an initiator from considering those
    values.

    Julo


    Black_David@emc.com
    Sent by: owner-ips@ece.cmu.edu
    17/01/03 01:11

    To: ips@ece.cmu.edu
    cc:
    Subject: FW: Redirection (was UNH Plugfest 5)

    Forwarding an off-list note on this topic - a SHOULD is useful
    here to express a preference for which redirection mechanism
    to use in the presence of authentication.  I prefer the SHOULD
    for redirection after authentication because rogue target attacks
    are more dangerous to iSCSI than rogue initiator attacks because
    the initiator authenticates first when using CHAP.  Redirection
    prior to authentication makes it easier to mount a rogue target
    attack.

    Thanks,
    --David

    -----Original Message-----
    From: Paul Koning [mailto:pkoning@equallogic.com]
    Sent: Thursday, January 16, 2003 3:57 PM
    To: Black_David@emc.com
    Cc: Julian_Satran@il.ibm.com
    Subject: RE: Redirection (was UNH Plugfest 5)


    >>>>> "Black" == Black David <Black_David@emc.com> writes:

    Black> The most I could see doing here would be: - In the absence of
    Black> explicit administrative action, - If a target is contacted by
    Black> an Initiator requesting SecurityNegotiation, - And the target
    Black> would issue a redirect to that Initiator based on the target
    Black> name the initiator is trying to contact, - Then the target
    Black> SHOULD negotiate security before issuing the redirect.

    My preference is to swing the SHOULD in the other direction, because
    there is no security issue in doing so.  (In other words, if the
    initiator requests security negotiation and the target replies with a
    redirect, the initiator SHOULD accept that redirect as valid without a
    full security negotiation.)  But your proposal still serves to
    strengthen the spec.

                       paul


