RE: SRP vs PKI for authentication

[Black_David@emc.com]

Ofer's provided part of the answer, in addition this is
based in part on considerations for environments that
are not prepared to invest heavily in security (so IPsec
is not in use), but for which authentication is appropriate.
SRP is considerably easier to set up and use than a PKI-based
mechanism, and hence is the "MUST implement" to make
good authentication easier to use in such environments
in contrast to one of the SPKMs and the associated PKI
and/or key generation and key management it requires.

Thanks,
--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
black_david@emc.com       Mobile: +1 (978) 394-7754
---------------------------------------------------


> -----Original Message-----
> From: VAHUJA@aol.com [mailto:VAHUJA@aol.com]
> Sent: Tuesday, November 13, 2001 7:13 PM
> To: ips@ece.cmu.edu
> Subject: SRP vs PKI for authentication
> 
> 
> iSCSI draft 08 requires use of SRP for authentication, while 
> for Fabric switch authentication, there are proposals in T11 
> that use PKI. The iSNS also allows PKI for authentication. I 
> have also seen some IP concerns raised recently about SRP...
> 
> So my question is - for iSCSI login-time authentication, are 
> there compelling reasons for using SRP instead of PKI? 
>