SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSCSI: Delay on results of Consensus call -- DH-CHAP [Resend]



    Julian,
     
    Well put. I agree.
     
    Pat
    -----Original Message-----
    From: Julian Satran [mailto:Julian_Satran@il.ibm.com]
    Sent: Monday, April 29, 2002 3:21 PM
    To: Elizabeth G. Rodriguez
    Cc: ips@ece.cmu.edu; owner-ips@ece.cmu.edu; Allison Mankin
    Subject: Re: iSCSI: Delay on results of Consensus call -- DH-CHAP [Resend]


    Elizabeth,

    At the last IPS Security team phone call DH-CHAP was praised for being very well written but too "young" for a security protocol for us to make any decision.
    We are looking also for advise from other people within our communities.

    I spent some time reading the last several days all the submissions to the IEEE workgroup P1363 and I feel even more helpless -  there are submissions there that have a DH exchange and are far stronger that DH-CHAP at the same computational expense.

    Also the original 1993 Bellovin and Merritt paper on AKE covers mechanisms closely related to DH-CHAP and as I have no access to the alleged patents on all AKE protocols
    we have no clue if DH-CHAP will not be covered by those claims.

    Considering that we are not a security workgroup many of us feel that we should either choose a week authentication like CHAP as must and wait for IEEE to standardize one or more forms of AKE or stay with what we have now and that is SRP mandatory. I find it also very curious that the ADs seem to advise us against mandating a protocol that is already an RFC (SRP).  And again neither I nor IBM (as far as I know) have no vested interest in SRP - it seems to be the only AKE class protocol that has already undergone public scrutiny and it meets all our needs.

    Julo


    "Elizabeth G. Rodriguez" <Elizabeth.G.Rodriguez@123mail.net>
    Sent by: owner-ips@ece.cmu.edu

    04/28/2002 10:50 PM
    Please respond to "Elizabeth G. Rodriguez"

           
            To:        <ips@ece.cmu.edu>
            cc:        
            Subject:        iSCSI: Delay on results of Consensus call -- DH-CHAP [Resend]

           


    Never saw this post, so resending…
     
    A quick update on why the results of the consensus call for DH-CHAP have not been announced:
     
    The results of the input received were very roughly (e.g. not clear consensus) in favor of inclusion of DH-CHAP.
    I have been asked by Allison Mankin to consult with the security advisors to the group, to check into more matters.
    Specifically, to check on the requirements for the authentication mechanism, and to see if DH-CHAP satisfy these requirements.
     
    We are still working on this, and will try to post something about this as soon as possible.
     
    Thanks,
     
    Elizabeth
     
     



Home

Last updated: Mon Apr 29 23:18:20 2002
9873 messages in chronological order