Re: iSCSI: Text request/response spanning - security issue?

To: Paul Koning <ni1d@arrl.net>
Subject: Re: iSCSI: Text request/response spanning - security issue?
From: Bill Studenmund <wrstuden@wasabisystems.com>
Date: Fri, 29 Mar 2002 12:12:24 -0800 (PST)
Cc: <ips@ece.cmu.edu>
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <15524.50552.86000.748182@gargle.gargle.HOWL>
Sender: owner-ips@ece.cmu.edu

On Fri, 29 Mar 2002, Paul Koning wrote:

> Excerpt of message (sent 29 March 2002) by Bill Studenmund:
> > Why don't we negotiate a size? We have a default max size for individual
                                             ^^^^^^^^^^^
This is the fixed minimum you mention below, under a different name. I
call it a max since it is the max size of negotiation items it covers.

> > key=value items, and a max for the entire set. Either the target or the
> > initiator can try to negotiate it up, but has to deal with the other side
> > saying no. You can't negotiate it below the default max that we decide on.
> >
> > The main thing about making it a negotiated value is both sides can know
> > what the other can do. We won't get surprise errors as we tripped over an
> > undisclosed limit one side had.
>
> But we're talking about limits of the negotiation process itself.

I understand.

I am suggesting that durning negotiation we negotiate parameters covering
the very negotiations we are in. That means that some key=value items can
only be sent after a given size has been negotiated.

> Yes, you can renegotiate after login, but login is the primary
> negotiation point.  I think a fixed minimum requirement is more
> straightforward.

While having a minimum required is good, if we don't have a way to
negotiate a larger value, how can we really use a larger value? So if we
can't negotiate the largest size we allow for key=value items and for the
set, aren't you really suggesting we just pick a number and that's it?

What's the alternative? Send something too large and either crash the
other side or have some 'I'm confused' error come back? At least with
negotiation, each side will know what it can and can't send.

So here's the suggestion again. We start negotiation with a default value
for the largest key=value item that can be sent, and the largest set of
items that can be sent. These defaults are the minimum required that you
mention. If we want, either side can try to negotiate these values larger.
If negotiation suceeds, then future steps of negotiation can use the
larger values. Negotiation can't lower the values below the minimum
required.

Take care,

Bill

Follow-Ups:
- Re: iSCSI: Text request/response spanning - security issue?
  - From: Luben Tuikov <luben@splentec.com>
- Re: iSCSI: Text request/response spanning - security issue?
  - From: Paul Koning <ni1d@arrl.net>

References:
- Re: iSCSI: Text request/response spanning - security issue?
  - From: Paul Koning <ni1d@arrl.net>

Prev by Date: Re: iSCSI: Text request/response spanning - security issue?
Next by Date: Re: iSCSI: Text request/response spanning - security issue?
Prev by thread: Re: iSCSI: Text request/response spanning - security issue?
Next by thread: Re: iSCSI: Text request/response spanning - security issue?
Index(es):
- Date
- Thread

Home

Last updated: Sat Mar 30 00:18:11 2002
9389 messages in chronological order