RE: iSCSI:SRP

To: ips@ece.cmu.edu
Subject: RE: iSCSI:SRP
From: Black_David@emc.com
Date: Wed, 3 Apr 2002 13:32:29 -0500
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu

> They asked us to "consider" DH+Chap but it was not a hard requirement, you
> told us that they would accept Chap, but wanted us to consider a way to
> make it more secure.  I think the work that has been done, is clearly
> considering it, and with the combination of SRP and current Chap clearly
> meets requirements.

That work is not complete.  There are at least two technical explanations
missing that have to go into the iSCSI specification in order to
pursue this course of action:

(1) Why is CHAP by itself not sufficient?
(2) Why is SRP preferable to DH-CHAP?

The second one is crucial as it is the justification to the IESG that
technology potentially subject to patents needs to be used in preference
to unencumbered technology. 

I also think that the focus on MUST/SHOULD/MAY to the detriment of
technical discussion of the alternatives is premature - we have
to have solid technical reasons for our decisions ... and if we don't
provide them the first time, the IESG will be happy to return the
iSCSI draft to the WG for us to do them over.  I suggest focusing on
at least (1) and (2) above rather than MUST/SHOULD/MAY.

Since some people clearly want to dig into this, here's a one-sentence
summary of DH+CHAP:

	The basic idea is to augment the CHAP challenge with the
	key that results from the Diffie-Hellman exchange so that
	the CHAP response depends on both of them.

This is not identical to what I may have discussed with some people
in the past, as it has now received some expert review and been modified
accordingly.  For CHAP, see RFC 1994.  For the Diffie-Hellman exchange,
Section 22.1 of Schneier's Applied Cryptography book, is one of many
sources that describe it.  For anyone concerned about computation
operations, one additional invocation of the one-way hash is needed
on each side in addition to the DH calculations and CHAP's one-way hash
invocation.  In practice, the DH calculations (exponentiations in
particular) are the computationally expensive part.

That should be enough to start a discussion of requirements and
implementation implications in the absence of the complete Internet-Draft;
I'm sorry that the latter's not available yet ... I will try to get it
done soon.

Thanks,
--David
---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 249-6449 *NEW*      FAX: +1 (508) 497-8500
black_david@emc.com         Cell: +1 (978) 394-7754
---------------------------------------------------

Follow-Ups:
- RE: iSCSI:SRP
  - From: Paul Koning <ni1d@arrl.net>

Prev by Date: iSCSI: Finding target using SendTargets Operations
Next by Date: RE: iSCSI: Finding target using SendTargets Operations
Prev by thread: RE: iSCSI:SRP
Next by thread: RE: iSCSI:SRP
Index(es):
- Date
- Thread

Home

Last updated: Wed Apr 03 16:18:19 2002
9458 messages in chronological order