Re: RE: FW: Redirection (was UNH Plugfest 5)

OK - Julo

> From: Black_David@emc.com
> Date: 2003/01/17 Fri PM 04:21:47 GMT+02:00
> To: Julian_Satran@il.ibm.com
> CC: ips@ece.cmu.edu
> Subject: RE: FW: Redirection (was UNH Plugfest 5)
>
> I certainly don't want to forbid redirection w/o authentication.
> "SHOULD be accepted during authentication" is ok, although we
> should point out that there may be valid security concerns that
> lead an administrator to do otherwise.
>
> Thanks,
> --David
>
> -----Original Message-----
> From: Julian Satran [mailto:Julian_Satran@il.ibm.com]
> Sent: Friday, January 17, 2003 5:55 AM
> To: Black_David@emc.com
> Cc: ips@ece.cmu.edu; owner-ips@ece.cmu.edu
> Subject: Re: FW: Redirection (was UNH Plugfest 5)
>
> David,
>
> The only way to do it cleanly the way you want it is to allow the redirect
> response (0101 and 0102) only in operational parameter stage.
> But that seems rather excessive. If we want to mandate a single way of
> handling I would suggest stating that 0101 and 0102
> SHOULD be accepted even during authentication (Paul's POV). Again I don't
> think it adds anything as local policy may prevent an initiator from
> considering those values.
>
> Julo
>
> Black_David@emc.com
> Sent by: owner-ips@ece.cmu.edu
> 17/01/03 01:11
>
> To: ips@ece.cmu.edu
> cc:
> Subject: FW: Redirection (was UNH Plugfest 5)
>
> Forwarding an off-list note on this topic - a SHOULD is useful
> here to express a preference for which redirection mechanism
> to use in the presence of authentication. I prefer the SHOULD
> for redirection after authentication because rogue target attacks
> are more dangerous to iSCSI than rogue initiator attacks because
> the initiator authenticates first when using CHAP. Redirection
> prior to authentication makes it easier to mount a rogue target
> attack.
>
> Thanks,
> --David
>
> -----Original Message-----
> From: Paul Koning [mailto:pkoning@equallogic.com]
> Sent: Thursday, January 16, 2003 3:57 PM
> To: Black_David@emc.com
> Cc: Julian_Satran@il.ibm.com
> Subject: RE: Redirection (was UNH Plugfest 5)
>
> >>>>> "Black" == Black David <Black_David@emc.com> writes:
>
> Black> The most I could see doing here would be:
> Black> - In the absence of explicit administrative action,
> Black> - If a target is contacted by an Initiator requesting SecurityNegotiation,
> Black> - And the target would issue a redirect to that Initiator based on the
> Black>   target name the initiator is trying to contact,
> Black> - Then the target SHOULD negotiate security before issuing the redirect.
>
> My preference is to swing the SHOULD in the other direction, because
> there is no security issue in doing so. (In other words, if the
> initiator requests security negotiation and the target replies with a
> redirect, the initiator SHOULD accept that redirect as valid without a
> full security negotiation.) But your proposal still serves to
> strengthen the spec.
>
> paul
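As an added illustration, not code from this thread or from any iSCSI implementation: an initiator-side check in Python that parses a Login Response, recognizes the 0101/0102 redirect status the thread refers to, and applies the policy David and Julian discuss, rejecting a redirect that arrives during SecurityNegotiation before the target has authenticated unless the administrator's local policy opts in. The `authenticated` flag and the `allow_unauthenticated_redirect` switch are assumed initiator state, not fields defined by the protocol, and the PDU builder constructs a sample response for testing rather than reproducing a capture.

```python
from dataclasses import dataclass

# Login stage values carried in the CSG bits of a Login Response (RFC 3720)
SECURITY_NEGOTIATION, OPERATIONAL_NEGOTIATION, FULL_FEATURE = 0, 1, 3
# Redirect status codes: (Status-Class, Status-Detail) = 0101 temporary, 0102 permanent
REDIRECT_TEMPORARY, REDIRECT_PERMANENT = (0x01, 0x01), (0x01, 0x02)

@dataclass
class LoginResponse:
    csg: int       # stage the target says the login is in
    status: tuple  # (Status-Class, Status-Detail)
    keys: dict     # text key=value pairs from the data segment (TargetAddress on a redirect)

def parse_login_response(pdu: bytes) -> LoginResponse:
    """Extract the fields a redirect decision needs from a Login Response PDU (48-byte BHS + data)."""
    if len(pdu) < 48 or pdu[0] & 0x3F != 0x23:
        raise ValueError("not a Login Response PDU")
    csg = (pdu[1] >> 2) & 0x3
    data_len = int.from_bytes(pdu[5:8], "big")
    text = pdu[48:48 + data_len].decode("ascii")
    keys = dict(kv.split("=", 1) for kv in text.split("\0") if "=" in kv)
    return LoginResponse(csg=csg, status=(pdu[36], pdu[37]), keys=keys)

def decide_redirect(resp: LoginResponse, authenticated: bool,
                    allow_unauthenticated_redirect: bool = False) -> str:
    """Initiator policy: 'follow', 'follow-permanent', 'reject' or 'not-a-redirect'.
    `authenticated` is assumed initiator state (CHAP completed); the switch is local policy."""
    if resp.status not in (REDIRECT_TEMPORARY, REDIRECT_PERMANENT):
        return "not-a-redirect"
    if "TargetAddress" not in resp.keys:
        return "reject"  # a redirect with no destination is malformed
    # A redirect that arrives in SecurityNegotiation, before the target has proven itself,
    # is the case the thread worries about: reject it unless the administrator opted in.
    if resp.csg == SECURITY_NEGOTIATION and not authenticated and not allow_unauthenticated_redirect:
        return "reject"
    return "follow-permanent" if resp.status == REDIRECT_PERMANENT else "follow"

def build_login_response(csg: int, status_class: int, status_detail: int, target_address: str) -> bytes:
    """Constructed sample Login Response for testing (not a capture); only redirect-relevant fields set."""
    data = f"TargetAddress={target_address}\0".encode("ascii")
    bhs = bytearray(48)
    bhs[0] = 0x23                 # opcode: Login Response
    bhs[1] = (csg & 0x3) << 2     # CSG bits; T, C and NSG left clear
    bhs[5:8] = len(data).to_bytes(3, "big")
    bhs[36], bhs[37] = status_class, status_detail
    return bytes(bhs) + data + b"\0" * (-len(data) % 4)  # pad data segment to 4 bytes

if __name__ == "__main__":
    sample = build_login_response(SECURITY_NEGOTIATION, 0x01, 0x01, "192.0.2.10:3260,1")
    print(decide_redirect(parse_login_response(sample), authenticated=False))  # reject
```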