RE: iSCSI Inband authentication (SRP/CHAP) - proposed resolution

To: <Black_David@emc.com>
Subject: RE: iSCSI Inband authentication (SRP/CHAP) - proposed resolution
From: Bill Studenmund <wrstuden@wasabisystems.com>
Date: Wed, 22 May 2002 15:58:45 -0700 (PDT)
Cc: <mmerhar@pirus.com>, <ips@ece.cmu.edu>
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <277DD60FB639D511AC0400B0D068B71E02937919@CORPMX14>
Sender: owner-ips@ece.cmu.edu

On Wed, 22 May 2002 Black_David@emc.com wrote:

> Responding to Milan's concern, let me know if I get any of the
> paraphrasing wrong:
>
> [Milan Merhar]: It looks like the requirement for ESP to protect a CHAP
> 	exchange with a weak secret requires the entire resulting iSCSI
> 	session to be encrypted and use ESP integrity.
>
> Close enough; I think it's just that connection and only integrity.
> The encryption can probably be removed by negotiating a new SA that
> doesn't encrypt and deleting the old one, but that still requires
> ESP integrity.  Just deleting the SA doesn't work reliably because
> it could easily result in black-holing packets.  IKE has no way to
> check whether the other side will accept unprotected packets for
> this TCP connection, and if it won't, then deletion of the SA
> results in the packets being discarded.

Could we have a more complete example of this (SA changing in mid-stride)?
From talking with some IPsec implementers, it can be done. We just will
need to note a number of details to make sure we have it right.

One thing that will be needed is for us to be able to set policy on a
per-socket basis, and for us to be able to examine the policy in place on
a socket. That way a target can verify that a login is covered by
sufficiently-secure policy, and the initiator (and target) can adjust
policy (to relax it).

There is of course the question of what to do if the other side doesn't
want to relax policy. :-)

A few other implementation notes. 1) some IPsec implementations will
continue using an older SA (the with-privacy one) for a while. 2) we need
to have the initiator make sure it's using strong policy when it does the
CHAP phase - otherwise if it is logging back into a target and happens to
use a port number that it used before, the old (weaker) SA might still be
there.

I would prefer the key randomness be a MUST, so we can avoid this. While
rather doable, it will add more to the implementation complexity.

Take care,

Bill

References:
- RE: iSCSI Inband authentication (SRP/CHAP) - proposed resolution
  - From: Black_David@emc.com

Prev by Date: RE: iSCSI Inband authentication (SRP/CHAP) - proposed resolution
Next by Date: RE: iSCSI: Login Request error
Prev by thread: RE: iSCSI Inband authentication (SRP/CHAP) - proposed resolution
Next by thread: RE: iSCSI Inband authentication (SRP/CHAP) - proposed resolution
Index(es):
- Date
- Thread

Home

Last updated: Wed May 22 20:18:27 2002
10223 messages in chronological order