Re: [iSCSI]: Key negotiation procedure proposal

To: Luben Tuikov <luben@splentec.com>
Subject: Re: [iSCSI]: Key negotiation procedure proposal
From: Bill Studenmund <wrstuden@wasabisystems.com>
Date: Thu, 23 May 2002 09:21:06 -0700 (PDT)
Cc: iSCSI <ips@ece.cmu.edu>, Julian Satran <Julian_Satran@il.ibm.com>
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <3CECF020.8ACFE673@splentec.com>
Sender: owner-ips@ece.cmu.edu

On Thu, 23 May 2002, Luben Tuikov wrote:

> I'm proposing the following key negotiation procedure. It
> preserves the no-renegotiation of keys rule and all the
> rules of login request and response currently used in the
> draft (12-91). It applies to any kind of value (list,
> boolean, integer, etc.).
>
> Simple implementations:
>
> Simple implementations SHOULD close the connection right
> after Reject has been communicated. This ensures that the
> reason for closing has been communicated to the peer.
>
> Regular implementations:
>
> Core rule: A negotiation of a key=value pair is
> complete/finished when both the Originator and Responder
> have sent their values (non-reserved keywords).
>
> The core rule implies the the following:
>
> If a Responder replies with Reject, then the Originator
> SHOULD NOT renegotiate the rejected key.
>
> If a Responder replies with Reject, it SHOULD sent its value
> of that key on the next reply to the Originator.

My only concern with this is that we now have to keep more state around;
we have to remember to send the key next negotiation, and the other side
has to know to send a blank message as part of that next negotiation.

Instead, why not just send it later in the first message?

> If an Originator finds the response to an offered key=value
> pair to be unacceptable, it SHOULD send Reject and close the
> connection.
>
> Please note that the core rule above ensures that both the
> Originator and Responder _know_ each other's values if the
> connection is closed due to Reject. This will give the user
> of each node more information to find out what went wrong.
> That is, this kind of negotiation is exhaustive.
>
> Let O: denote Originator and R: the Responder.
>
> Example 1:
> ----------
> O: v = x  -->
>          <--   R: v = Reject
>
> O: ""     -->
>          <--   R: v = y

i.e.

O: v = x  -->
         <--   R: v = Reject
         <--   R: v = y

We 1) make the negotiations happen faster, and 2) can keep less state
around (O doesn't need to send "", and R doesn't need to remmeber to send
v = y next time).

All the implementations I've seen break the login text up one key/value
pair at a time, so seeing the same key twice won't cause a problem AFAICT.

> O: 1) v = y is OK, continue as normal,
>    2) v = y is unacceptable,
>
>    v = Reject -->
>    close the connection (reason just given).
>
>
> Example 2:
> ----------
> O: v = x  -->
>          <--   R: v = y
>
> O: 1) v = y is OK, continue, as normal,
>
>    2) v = y is unacceptable,
>
>    v = Reject -->
>
>    close the connection (reason just given).

Except for the above, looks good.

Take care,

Bill

Follow-Ups:
- Re: [iSCSI]: Key negotiation procedure proposal
  - From: Martins Krikis <mkrikis@yahoo.com>
- Re: [iSCSI]: Key negotiation procedure proposal
  - From: Luben Tuikov <luben@splentec.com>

References:
- [iSCSI]: Key negotiation procedure proposal
  - From: Luben Tuikov <luben@splentec.com>

Prev by Date: RE: iSCSI Inband authentication (SRP/CHAP) - proposed resolution
Next by Date: RE: iSCSI Inband authentication (SRP/CHAP) - proposed resolution
Prev by thread: [iSCSI]: Key negotiation procedure proposal
Next by thread: Re: [iSCSI]: Key negotiation procedure proposal
Index(es):
- Date
- Thread

Home

Last updated: Thu May 23 16:18:34 2002
10264 messages in chronological order