Re: iSCSI - long key values

[Steve Senum <ssenum@cisco.com>]

Julian,

I talked this over with several developers here,
and our current opinion is:

1. Allow longer key values (your option #1).
2. If that is not enough, increase the max text section size.
3. If that is not enough, allow multiple text sections to be
   concatenated.

We would prefer to avoid having to reassemble a key value
from multiple pieces (your option #2).

Regards,
Steve Senum

Julian Satran wrote:
> 
> Dear colleagues,
> 
> Ofer brought recently to my attention that some security key values are
> likely to exceed our stated limit
> of 255 bytes for a value.  A good example may be a certificate (or chained
> certificate).
> 
> We have to enable those to be in the Login phase.
> 
> To handle this we might want to consider the following options (but not
> only those):
> 
>    enable a "long hexadecimal coding" that should indicate a "long" value
>    (e.g. use 0L instead of 0x) and raise the limit for those keys to
>    something longer (say 3072 bytes?)
>    enable "concatenated" values and indicate them through a "coding scheme"
>    as follows:
>      the value "0sxx" indicates a name suffix (as in "key = 0s08" means
>      that the keys "key00" , "key01" etc) have to be concatenated
>      use the "suffixed keys" to "build the value"
>    use a named key coding (as in "0Nname" in a value means that you have to
>    use later get=value to get a "binary response" containing the whole
>    binary object)
> 
> I  think that option 2 (limited to a 3 digit prefix?) covers well what we
> need and offers some extension space and option 1 is probably good enough
> for certificates.
> 
> Comments?
> 
> Julo