does iSCSI support CHAP challenges at random intervals?

To: <ips@ece.cmu.edu>
Subject: does iSCSI support CHAP challenges at random intervals?
From: "Dean Scoville" <dean.scoville@qlogic.com>
Date: Wed, 28 Aug 2002 09:56:44 -0700
content-class: urn:content-classes:message
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu
Thread-Index: AcJOs+YtJXoWLLnaEdaKsgBQ2thomQ==
Thread-Topic: does iSCSI support CHAP challenges at random intervals?

The CHAP RFC (RFC 1994) allows the authenticator to send a new challenge to the peer at random intervals. I don't see any mention of this in the IPS Security document or the iSCSI Draft. In the iSCSI Draft, the CHAP keys are discussed in section 10 with regard to the Security Stage of Login, but are not mentioned in full feature phase.  As far as iSCSI is concerned, is CHAP authentication a one-time occurance during login, or are new challenges also allowed/expected at random intervals during the life of the connection? If re-authentication is allowed, then an example would be helpful in the text (target initiates authentication via async msg requesting parameter negotiation, then issues CHAP_I CHAP_C challenge in response to empty text request pdu; or initiator initiates authentication via text request containing CHAP_A key, etc...). If it is not allowed, perhaps we should explicitly state this in the iSCSI draft and/or IPS Security document, since it is a difference between iSCSI usage of CHAP and that allo
wed by the RFC.
thanks,
Dean Scoville
QLogic

Follow-Ups:
- Re: does iSCSI support CHAP challenges at random intervals?
  - From: Mark Bakke <mbakke@cisco.com>

Prev by Date: RE: IPS and SCTP
Next by Date: Re: does iSCSI support CHAP challenges at random intervals?
Prev by thread: I-D ACTION:draft-ietf-ips-security-15.txt
Next by thread: Re: does iSCSI support CHAP challenges at random intervals?
Index(es):
- Date
- Thread

Home

Last updated: Wed Aug 28 14:18:58 2002
11705 messages in chronological order