|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI: keys/parameter dependenceOn Tue, 28 Jan 2003, Steve Senum wrote: > Bob Russell, > > I think allowing keys to be distributed over several PDUs > breaks the curent CHAP authentication sequence. Consider: > > I->T: CHAP_A=<A1,A2...> > > T->I: CHAP_A=<A> CHAP_I=<I> CHAP_C=<C> > > I->T: CHAP_N=<N> CHAP_R=<R> > OR > I->T: CHAP_N=<N> CHAP_R=<R> CHAP_I=<I> CHAP_C=<C> > > The target does not know how many keys to expect, > so it would not know when the step is complete. > > I don't really see the point of allowing this anyway, > as the user can already spread keys out over several PDUs > with the C (Continue) bit. Note that for CHAP we shouldn't need the C bit, since even with CHAP_[ICNR] in one PDU, it should be less than 8k. I also agree that we should not relax security negotiations here. Keeping them rigid helps them complete quickly and clearly. > I would however like to the see the key ordering issue > clarified in the final edit, if possible. That would be good. Take care, Bill
Home Last updated: Tue Jan 28 22:19:01 2003 12270 messages in chronological order |