RE: Regarding CSG and NSG

To: Bill Studenmund <wrstuden@wasabisystems.com>, "BURBRIDGE,MATTHEW (HP-UnitedKingdom,ex2)" <matthew_burbridge@hp.com>
Subject: RE: Regarding CSG and NSG
From: "Rao, Sajjan" <sajjan_rao@adaptec.com>
Date: Sat, 27 Jul 2002 00:25:00 -0700
Cc: ips@ece.cmu.edu
Content-Type: text/plain
Sender: owner-ips@ece.cmu.edu


Bill,
     If the Initiator says no authentication, then the target has to decide
whether it wants to authenticate or not. So if the target wants to forego
security, it has to send the CSG = CSG sent by initiator and NSG = NSG sent
by the initiator and set T = 1. 
Am I right?? 

The initiator would then move send one more login request with probably some
more parameters and move into Full feature phase.

Thanx,
Sajjan

-----Original Message-----
From: Bill Studenmund [mailto:wrstuden@wasabisystems.com] 
Sent: Friday, July 26, 2002 9:53 PM
To: BURBRIDGE,MATTHEW (HP-UnitedKingdom,ex2)
Cc: 'Rao, Sajjan'; ips@ece.cmu.edu
Subject: RE: Regarding CSG and NSG

On Thu, 25 Jul 2002, BURBRIDGE,MATTHEW (HP-UnitedKingdom,ex2) wrote:

> Sajjan,
>
> It depends whether the initiator has its T bit set.  If T=0 then the
> initiator is saying that it is security phase and is not yet ready to move
> to the next phase (NSG=ignore: if T=0, NSG is reserved). This implies that
> it does want to negotiate security (i.e. authentication).  If T=1, it says
> that is has no more security to negotiate and is ready to move to
> operational phase (as NSG=1) when the target says it's ready.  In the
latter
> of these two options (T=1,CSG=0,NSG=1) then the initiator is giving the
> target chance to start authentication.
>
> Alternatively, if the initiator does not want to negotiate security it can
> set CSG=1 in the initial login.  This removes one message exchange if the
> target does not want to negotiate security but runs the risk of receiving
a
> login failure if the target does want to negotiate security. If it wants
to
> negotiate parameters then: T=0,CSG=1,NSG=reserved.  If it does not want to
> negotiate text parameters then T=1, CSG=1, NSG=3.

?? If the initiator has a simple set of text parameters to negotiate (it
has keys to offer and it offers them all at once; no keys that it waits
for other keys on) it can offer all its keys and T=1, CSG=1, NSG=3. The
negotiation can then close in one round trip with all keys negotiated.

> In your example I am presuming that T=1 in 1). which is fine. Initiator is
> giving the target the opportunity to negotiate security but does not wish
to
> start it itself.  In 2), the T bit MUST be 0 as it can not be the final
> login response.  The target is informing the initiator that it is happy to
> enter operational phase (CSG=1).  As the T bit must be 0 in 2) NSG =
> reserved.
>
>     1) Suppose the initiator sets T=1, CSG = 0 and NSG = 1  in login
> request, and says requires no authentication.
>
>     2) Can the target set the CSG = 1 and NSG = full feature phase, in its
> login response?  NO
>
>     It should be
>
>     2) Can the target set the T=0, CSG = 1 and NSG = reserved, in its
login
> response?

Uhm, I think that one's wrong too. The target is supposed to return CSG ==
the CSG in the login request. So if the initiator had CSG=0 (line 1), then
the target can't say CSG=1.

Take care,

Bill

Follow-Ups:
- RE: Regarding CSG and NSG
  - From: Bill Studenmund <wrstuden@wasabisystems.com>

Prev by Date: My Appologies -- Re: iSCSI: INQUIRY, version descriptor
Next by Date: RE: iSCSI: v15 R2T and DATA-OUT
Prev by thread: RE: Regarding CSG and NSG
Next by thread: RE: Regarding CSG and NSG
Index(es):
- Date
- Thread

Home

Last updated: Tue Jul 30 10:39:08 2002
11481 messages in chronological order