Re: iSCSI Login Questions

To: ips@ece.cmu.edu
Subject: Re: iSCSI Login Questions
From: Steve Senum <ssenum@cisco.com>
Date: Fri, 27 Jul 2001 10:23:03 -0500
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
References: <OF404EF6F6.D743D921-ONC2256A96.002317EE@telaviv.ibm.com>
Sender: owner-ips@ece.cmu.edu

Julian,

I don't think I was clear in my last message.
My concern is not with the details of the
handshake.  I think those are clearly specified
in the current draft.

My concern is under what conditions the handshake
is done.

By my current (perhaps wrong) understanding of
draft -07, if AuthMethod, HeaderDigest, or DataDigest
is offered in the opening login cmd/login rsp,
then the handshake is a MUST.
If AuthMethod, HeaderDigest and DataDigest
are all not offered, then the handshake is a MAY.

It is the second part (the MAY) of this I am having
trouble with.  I believe it needs to be either
a MUST (handshake all the time), or a MUST NOT
(handshake not allowed if AuthMethod, HeaderDigest
or DataDigest all not offered).

Regards,
Steve Senum


Julian Satran wrote:
> 
> Steve,
> 
> The sequence was meant to end always with an I,T handshake. If T starts it
> then we have a T,I,T exchange
> This is what I suggest for the my new proposal too. Phase transition starts
> always after a complete "instruction" (request response).
> 
> Julo
> 
> Steve Senum <ssenum@cisco.com> on 27-07-2001 02:35:41
> 
> Please respond to Steve Senum <ssenum@cisco.com>
> 
> To:   ips@ece.cmu.edu
> cc:
> Subject:  Re: iSCSI Login Questions
> 
> Julian:
> 
> If the sequences mentioned below are all valid,
> plus the trivial sequence:
> 
> I-> Login
> I-> Login-PR
> 
> where these are all followed by Operational
> Parameter negotiation, I have a concern.
> 
> Since either side is allowed to initiate
> the SecurityContextComplete=yes handshake,
> I would think that either Initiator or Target
> would transition to the next phase too soon
> if one side thought the handshake was needed,
> and the other side didn't.
> 
> The only way I see to keep this from happening
> is either:
> 
> 1. Don't allow the SecurityContextComplete=yes handshake
> unless AuthMethod, HeaderDigest, or DataDigest keys
> have been offered.
> 
> 2. Always require the SecurityContextComplete=yes handshake.
> 
> Regards,
> Steve Senum
> 
> Julian Satran wrote:
> >
> > Yes that is (in 07)  a legitmate sequence.  Julo
> >
> > Steve Senum <ssenum@cisco.com> on 26-07-2001 00:25:19
> >
> > Please respond to Steve Senum <ssenum@cisco.com>
> >
> > To:   ietf-ips <ips@ece.cmu.edu>
> > cc:
> > Subject:  Re: iSCSI Login Questions
> >
> > Julian,
> >
> > Is it valid (under draft -07) to offer the
> > SecurityContextComplete key without the AuthMethod,
> > HeaderDigest or DataDigest keys having been offered?
> >
> > In other words, are the following sequences valid?
> >
> > Sequence 1:
> >
> > I-> Login    SecurityContextComplete=yes
> > T-> Login-PR SecurityContextComplete=yes
> >
> > Sequence 2:
> >
> > I-> Login
> > T-> Login-PR SecurityContextComplete=yes
> > I-> Text     SecurityContextComplete=yes
> > T-> Text     SecurityContextComplete=yes
> >
> > Sequence 3:
> >
> > I-> Login
> > I-> Login-PR
> > I-> Text     SecurityContextComplete=yes
> > T-> Text     SecurityContextComplete=yes
> >
> > Thanks,
> > Steve Senum

References:
- Re: iSCSI Login Questions
  - From: "Julian Satran" <Julian_Satran@il.ibm.com>

Prev by Date: Re: iSCSI "bad practice"
Next by Date: iSCSI-07: recovery
Prev by thread: Re: iSCSI Login Questions
Next by thread: Re: iSCSI Login Questions
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:04:11 2001
6315 messages in chronological order