Re: iSCSI Login Questions

["Julian Satran" <Julian_Satran@il.ibm.com>]

Steve,

comments in text - Julo

Steve Senum <ssenum@cisco.com> on 19-07-2001 23:28:55

Please respond to Steve Senum <ssenum@cisco.com>

To:   ietf-ips <ips@ece.cmu.edu>
cc:
Subject:  iSCSI Login Questions




Julian:

Is the following valid (taking into account the
changes requested from the UNH Plugfest)?

I: Login: AuthMethod:none SecurityContextComplete=Yes

I would assume not, that the initiator must wait
until after the initial exchange of the AuthMethod, HeaderDigest,
and DataDigest keys to send the SecurityContextComplete
key.
+++ It is correct because either the target will answer with
T->Login AuthMethod:none SecurityContextComplete=Yes (accept and perhaps
goon)

or it wil send a login reject and drop the connection

+++++
Also, if further simplification of the login process
is desired, the working group might want to consider requiring
the initiator to send the AuthMethod HeaderDigest and
the DataDigest keys on the first login, so that the
login sequence would always look like:

I: Login:   AuthMethod=a1,a2,aN
            HeaderDigest=hd1,hd2,hdN
            DataDigest=dd1,dd2,ddN
T: LoginPR: AuthMethod=a1
            HeaderDigest=hd1 DataDigest=dd1
...Authentication phase, if needed
I: Text:    SecurityContextComplete=yes
T: Text:    SecurityContextComplete=yes
...Operational Parameter Negotiating phase
...Full Feature Phase

+++
We will consider it
+++

Regards,
Steve Senum