iSCSI Login

To: ips@ece.cmu.edu
Subject: iSCSI Login
From: "BURBRIDGE,MATTHEW (HP-UnitedKingdom,ex2)" <matthew_burbridge@hp.com>
Date: Thu, 15 Mar 2001 09:43:33 -0000
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu

Hi Julian,

A couple of items:

1) Section 4.1 (iSCSI Rev 5) states that:

The target can answer in the following ways: 
    
      -Login Response with Login Reject (and F bit 1).  This is an 
      immediate rejection from the target, that causes the session to 
      terminate

I agree that this could be the case for a security breach - authentication
failed but what if the target only supports one connection per session and
the initiator is attempting to set up another connection.  Surely, the new
login should be rejected but the session remains intact.

2) Still on the subject of login:  In section 4, page 74, the spec states
that:

  "The initiator and target MAY want to negotiate authentication and 
   data integrity parameters. Once this negotiation is completed, the 
   channel is considered secure."

It is unclear as to the mandated handling of conflicting/differing
authentication mechanisms negotiated on multiple connections participating 
in the same session.  I  propose that the spec should state that if
authentication is required then the same authentication method MUST
be used on all connections in a session.

Cheers

Matthew Burbridge
Network Infrastructure Solutions
Hewlett Packard
Bristol
+44 117 312 7010
E-mail: matthewb@bri.hp.com

Prev by Date: RE: iSCSI: Need to Kill Session from Surviving Node
Next by Date: Some thoughts about draft 05 of iSCSI
Prev by thread: Re: iSCSI : Section 2.4.2. Error Communication Latencies.
Next by thread: Re: iSCSI Login
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:05:20 2001
6315 messages in chronological order