RE: Regarding CSG and NSG

To: "BURBRIDGE,MATTHEW (HP-UnitedKingdom,ex2)" <matthew_burbridge@hp.com>
Subject: RE: Regarding CSG and NSG
From: Bill Studenmund <wrstuden@wasabisystems.com>
Date: Fri, 26 Jul 2002 09:22:33 -0700 (PDT)
Cc: "'Rao, Sajjan'" <sajjan_rao@adaptec.com>, <ips@ece.cmu.edu>
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <0B9A57FF1D57D411B47500D0B73E5CC104FF203C@dickens.bri.hp.com>
Sender: owner-ips@ece.cmu.edu

On Thu, 25 Jul 2002, BURBRIDGE,MATTHEW (HP-UnitedKingdom,ex2) wrote:

> Sajjan,
>
> It depends whether the initiator has its T bit set.  If T=0 then the
> initiator is saying that it is security phase and is not yet ready to move
> to the next phase (NSG=ignore: if T=0, NSG is reserved). This implies that
> it does want to negotiate security (i.e. authentication).  If T=1, it says
> that is has no more security to negotiate and is ready to move to
> operational phase (as NSG=1) when the target says it's ready.  In the latter
> of these two options (T=1,CSG=0,NSG=1) then the initiator is giving the
> target chance to start authentication.
>
> Alternatively, if the initiator does not want to negotiate security it can
> set CSG=1 in the initial login.  This removes one message exchange if the
> target does not want to negotiate security but runs the risk of receiving a
> login failure if the target does want to negotiate security. If it wants to
> negotiate parameters then: T=0,CSG=1,NSG=reserved.  If it does not want to
> negotiate text parameters then T=1, CSG=1, NSG=3.

?? If the initiator has a simple set of text parameters to negotiate (it
has keys to offer and it offers them all at once; no keys that it waits
for other keys on) it can offer all its keys and T=1, CSG=1, NSG=3. The
negotiation can then close in one round trip with all keys negotiated.

> In your example I am presuming that T=1 in 1). which is fine. Initiator is
> giving the target the opportunity to negotiate security but does not wish to
> start it itself.  In 2), the T bit MUST be 0 as it can not be the final
> login response.  The target is informing the initiator that it is happy to
> enter operational phase (CSG=1).  As the T bit must be 0 in 2) NSG =
> reserved.
>
>     1) Suppose the initiator sets T=1, CSG = 0 and NSG = 1  in login
> request, and says requires no authentication.
>
>     2) Can the target set the CSG = 1 and NSG = full feature phase, in its
> login response?  NO
>
>     It should be
>
>     2) Can the target set the T=0, CSG = 1 and NSG = reserved, in its login
> response?

Uhm, I think that one's wrong too. The target is supposed to return CSG ==
the CSG in the login request. So if the initiator had CSG=0 (line 1), then
the target can't say CSG=1.

Take care,

Bill

References:
- RE: Regarding CSG and NSG
  - From: "BURBRIDGE,MATTHEW (HP-UnitedKingdom,ex2)" <matthew_burbridge@hp.com>

Prev by Date: Re: IPS-ALL: FC Mgmt MIB WG Last Call
Next by Date: clarification on TargetAddress and TargetName usage
Prev by thread: RE: Regarding CSG and NSG
Next by thread: RE: Regarding CSG and NSG
Index(es):
- Date
- Thread

Home

Last updated: Tue Jul 30 10:39:08 2002
11481 messages in chronological order