SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME

    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSCSI: SRP vs DH-CHAP

    Mallikarjun,

> - Given that Lucent's new clarification came after Minneapolis, let's 
>    consider the possibility that several/most WG participants are now
>    favorably inclined to go with SRP as the "MUST implement".  Can 
>    folks with continuing concerns on SRP please speak up? [ This is *not*
>    a legal advice; but HP's lawyers do not see any issues for
Hewlett-Packard 
>    in the area of SRP. ]

That's certainly a reasonable position to take and advocate.

> - I find the statement that IESG would send back the iSCSI draft if
>    it thinks that a sufficient analysis hadn't been done on DH-CHAP
>    to be surprising to say the least.  If SRP meets the needs (more on
this
>    in the next bullet) and SRP has an IPR situation that's deemed 
>    acceptable from IETF's perspective (let's recall that SRP is a 
>    standards track RFC), why would IESG return the iSCSI spec back?

RFC 2026 says:

6.1.2  IESG Review and Approval

   The IESG shall determine whether or not a specification submitted to
   it according to section 6.1.1 satisfies the applicable criteria for
   the recommended action (see sections 4.1 and 4.2), and shall in
   addition determine whether or not the technical quality and clarity
   of the specification is consistent with that expected for the
   maturity level to which the specification is recommended.

This whole issue falls into the area of "technical quality".  The IESG
can apply a higher technical standard than "meets the needs" (e.g., a
cement mixer "meets the needs" for my personal transportation, but it's
not a particularly effective solution for that purpose), and I expect
the IESG to do so in this situation.  We now have the choice of doing
the analysis, or leaving the IESG to do it for us (and the latter
will take a *LOT* longer).  I'd love to turn back the clock, but I
can't.

>    [ To provide the context for this question, consider that EMC is in 
>      a similar situation with iSCSI - http://www.ietf.org/ietf/IPR/EMC-IPS

>    - using generally the same language as we had seen with Lucent. ]

For the record, EMC never issued a statement remotely resembling the
following November 30, 2001 statement from Lucent:

	As you are aware, RFC 2945 was neither submitted or proposed by
	Lucent.  Therefore, Lucent's general patent statement to IETF in
	1999 does not cover RFC 2945.

Lucent has subsequently revised this statement to adopt a more cooperative
attitude.  IMHO, applying the words "similar situation" to EMC is misleading
or worse; I do not recommend trashing my employer's good name as a way
to influence my thinking ;-).  Lucent was a major factor in creating the
current situation we find ourselves in and the resulting delays - EMC was
not.

> - A procedural question in this regard is the seeming lack of 
>    documented requirements for the authentication mechanism.  I 
>    don't really see a list of requirements stated in the security
>    draft, even though there's general text that discusses some issues.
>    (BTW, the iSCSI requirements draft (rightly) does not go to the depth
>    we're seeking here). I am equally to blame for this, but I was under
>    the impression that we had a list of *documented* requirements to 
>    evaluate candidates - and we chose SRP.  I was somewhat surprised 
>    to see that we now seem to be defining/weakening requirements afresh 
>    in some of the recent email threads I had seen.  I admit that I am not 
>    a security expert, but I am personally not _yet_ clear on the
requirements.... 

To the extent that they're documented, Ofer's presentation from Nashua
almost a year ago is the place to start:

	http://www.haifa.il.ibm.com/satran/ips/iSCSI-Sec-review-Nashua.pdf

There's been one very important change since then.  At the time we were
considering SRP as the basis for all iSCSI security, and some of the
evaluation criteria (especially Performance) are based on using the session
keying material that it generates.  Since we are now using IKE to provide
session keys for IPsec, some things change.  A very important change is
that one needs to consider the situation in which SRP is used in the
absence of IPsec - SRP's resistance to active attack loses some of its
value as an active attacker can wait until the authentication is complete
and then attack the unprotected TCP connection, although the results are
of somewhat less value as the password required to re-authenticate is not
obtained.

Thanks,
--David

Home

Last updated: Thu Apr 11 12:18:27 2002
9600 messages in chronological order