RE: FW: Redirection (was UNH Plugfest 5)
I certainly don't want to forbid redirection w/o authentication.
"SHOULD be accepted during authentication" is ok, although we
should point out that there may be valid security concerns that
lead an administrator to do otherwise.

Thanks,
--David
-----Original Message-----
From: Julian Satran [mailto:Julian_Satran@il.ibm.com]
Sent: Friday, January 17, 2003 5:55 AM
To: Black_David@emc.com
Cc: ips@ece.cmu.edu; owner-ips@ece.cmu.edu
Subject: Re: FW: Redirection (was UNH Plugfest 5)
David,

The only way to do it cleanly the way you want it is to allow the redirect response
(0101 and 0102) only in operational parameter stage. But that seems rather excessive.
If we want to mandate a single way of handling I would suggest stating that 0101 and 0102
SHOULD be accepted even during authentication (Paul's POV). Again I don't think it adds
anything as local policy may prevent an initiator from considering those values.

Julo
From: Black_David@emc.com
Sent by: owner-ips@ece.cmu.edu
Date: 17/01/03 01:11
To: ips@ece.cmu.edu
cc:
Subject: FW: Redirection (was UNH Plugfest 5)
Forwarding an off-list note on this topic - a SHOULD is useful here to
express a preference for which redirection mechanism to use in the
presence of authentication. I prefer the SHOULD for redirection after
authentication because rogue target attacks are more dangerous to iSCSI
than rogue initiator attacks because the initiator authenticates first
when using CHAP. Redirection prior to authentication makes it easier to
mount a rogue target attack.

Thanks,
--David
-----Original Message-----
From: Paul Koning [mailto:pkoning@equallogic.com]
Sent: Thursday, January 16, 2003 3:57 PM
To: Black_David@emc.com
Cc: Julian_Satran@il.ibm.com
Subject: RE: Redirection (was UNH Plugfest 5)
>>>>> "Black" == Black David <Black_David@emc.com> writes:

Black> The most I could see doing here would be:
Black> - In the absence of explicit administrative action,
Black> - If a target is contacted by an Initiator requesting SecurityNegotiation,
Black> - And the target would issue a redirect to that Initiator based on
Black>   the target name the initiator is trying to contact,
Black> - Then the target SHOULD negotiate security before issuing the redirect.
My preference is to swing the SHOULD in the other direction, because
there is no security issue in doing so. (In other words, if the
initiator requests security negotiation and the target replies with a
redirect, the initiator SHOULD accept that redirect as valid without a
full security negotiation.) But your proposal still serves to
strengthen the spec.

paul
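The whole thread turns on whether an initiator should honour a 0101/0102 (target moved) redirect that arrives while login is still in the SecurityNegotiation stage. As an added illustration that is not code from the thread or from any iSCSI implementation, the following parses a Login Response header (field offsets as in the iSCSI Login Response BHS, RFC 3720) to recover the stage (CSG) and Status-Class/Status-Detail, then applies the local policy David and Julian refer to: a redirect received before authentication completes is refused unless the administrator explicitly allows it. The sample PDU builder and the address 192.0.2.7 are constructed for the demo.

```python
from dataclasses import dataclass
from typing import Dict, Tuple

OP_LOGIN_RESP = 0x23          # Login Response opcode
CSG_SECURITY = 0              # CSG value for SecurityNegotiation
CSG_OPERATIONAL = 1           # CSG value for LoginOperationalNegotiation
STATUS_CLASS_REDIRECT = 0x01  # Status-Detail 0x01/0x02 = moved temporarily/permanently


@dataclass
class LoginResponse:
    csg: int
    status_class: int
    status_detail: int
    keys: Dict[str, str]


def parse_login_response(pdu: bytes) -> LoginResponse:
    """Parse the 48-byte BHS of a Login Response and its key=value data segment."""
    if len(pdu) < 48 or (pdu[0] & 0x3F) != OP_LOGIN_RESP:
        raise ValueError("not a Login Response PDU")
    csg = (pdu[1] >> 2) & 0x3                   # flags byte: T C . . CSG CSG NSG NSG
    data_len = int.from_bytes(pdu[5:8], "big")  # DataSegmentLength is 24 bits
    status_class, status_detail = pdu[36], pdu[37]
    items = pdu[48:48 + data_len].split(b"\x00")
    keys = dict(kv.decode().split("=", 1) for kv in items if b"=" in kv)
    return LoginResponse(csg, status_class, status_detail, keys)


def redirect_decision(resp: LoginResponse, allow_before_auth: bool = False) -> Tuple[bool, str]:
    """Initiator-side local policy: a redirect answered while still in
    SecurityNegotiation is rejected unless the administrator allows it."""
    if resp.status_class != STATUS_CLASS_REDIRECT:
        return False, "not a redirect"
    if resp.csg == CSG_SECURITY and not allow_before_auth:
        return False, "redirect before authentication rejected by local policy"
    return True, resp.keys.get("TargetAddress", "")


def build_redirect(csg: int, detail: int, target_address: str) -> bytes:
    """Constructed sample Login Response carrying a redirect (demo input only)."""
    data = f"TargetAddress={target_address}".encode() + b"\x00"
    bhs = bytearray(48)
    bhs[0] = OP_LOGIN_RESP
    bhs[1] = (csg << 2) | csg   # CSG == NSG, Transit bit clear
    bhs[5:8] = len(data).to_bytes(3, "big")
    bhs[36], bhs[37] = STATUS_CLASS_REDIRECT, detail
    return bytes(bhs) + data + b"\x00" * (-len(data) % 4)  # pad data segment to 4 bytes
```

With the default policy a 0101 received in SecurityNegotiation is refused, while the same redirect in the operational stage, or with allow_before_auth=True, yields the TargetAddress to reconnect to.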