 
| 
 | 
 [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI authentication requirementsOn Wed, Mar 27, 2002 at 03:42:55PM -0500, David Jablon wrote: > A primary decision for the WG to consider is whether > item (e), preventing "dictionary attack", is important. We need to be a bit more nuanced here. The question is not just whether or not a particular scheme is vulnerable to a dictionary attack, but under what circumstances is it vulnerable to a dictionary attack. If the attack requires the use of an active attack, where the attacker has to be on communications path, *and* the attacker must interpose him/herself between the client and the server, *and* the attack causes the attempted authentication to fail, such that the client knows something might be going on --- how bad is it that under these sorts of circumstances, a dictionary attack might be possible? Also, if we posit that the authentication target has a public key, which can be optionally cached by the client (in an ssh-style type approach), then the server can sign its challenge with its public key, and then even the possibility of an active attack is limited to the first time the client talks to a particular server or iSCSI target. Is this as good as an EKE, SPEKE, or PDM-style authentication scheme? Nope; but it's close. And as I articulated during the IETF open-plenary, we are an engineering organization, and engineering always involves tradeoffs. Some of these tradeoffs are not necessarily strictly technical, but involve real-world business/financial issues. The problem at this point is that the IP situation with respect to all of these schemes is cloudy, and that may prevent some companies from being able to implement the spec. Also, if any of these patent claims are true, then it certainly will rule out open-source, reference implementations from being able to fully implement the specification. Such reference implementations have for other working groups been a significant force towards helping assure interoperability. (Also, consider that as Linux continues to make inroads into the server platforms, it would be a real shame if Linux were not able to make authenticated connections to iSCSI devices thanks to the patent issues; you'd be essentially eliminating part of the iSCSI device manufacturers' market thanks to the patent issue.) How important are these issues? Well, I will be the first to admit that if some patented technology conferred overwhelming advantage over all other alternatives (such as back in the bad old days when RSA and D-H was the only game in town for doing public-key cryptography), then the concerns which I've articulated probably would not outweigh the technical advantage conferred by the IP-encumbered technology. (And even in that case, the fact that the technology was encumbered probably delayed the wide-spread use of protocols which specified the use of public-key technology by close to a decade.) In this particular case, however, I would submit that the advantage confered by using EKE, SPEKE, PDM, or other related technologies is at best marginal. There are other technical solutions, which I've outlined above, that provide almost the same amount of protection, without having to deal with the headaches of settling with potentially two or three patent holders. We also avoid eliminating at one stroke all possibilities of compliant/legal open-source implementations of the technology. Because of both downsides, in this particular case, the engineering tradeoffs simply isn't worth it. - Ted 
 
 
 
 Home Last updated: Thu Mar 28 16:18:17 2002 9367 messages in chronological order |