Re: Document Action: iSCSI Requirements and Design Considerations to Informational
David Jablon <dpj@theworld.com> Fri, 26 April 2002 22:18 UTC
Return-Path: <owner-ips@ece.cmu.edu>
X-Sieve: cmu-sieve 2.0
Return-Path: <owner-ips@ece.cmu.edu>
Received: (from majordom@localhost) by ece.cmu.edu (8.11.0/8.10.2) id g3QMIC117624 for ips-outgoing; Fri, 26 Apr 2002 18:18:12 -0400 (EDT)
X-Authentication-Warning: ece.cmu.edu: majordom set sender to owner-ips@ece.cmu.edu using -f
Received: from TheWorld.com (pcls2.std.com [199.172.62.104]) by ece.cmu.edu (8.11.0/8.10.2) with ESMTP id g3QLxJw16549 for <ips@ece.cmu.edu>; Fri, 26 Apr 2002 17:59:19 -0400 (EDT)
Received: from westboro-1.theworld.com (218-14-189-66.wo.cpe.charter-ne.com [66.189.14.218]) by TheWorld.com (8.9.3/8.9.3) with ESMTP id RAA06892; Fri, 26 Apr 2002 17:59:04 -0400
Message-Id: <5.1.0.14.0.20020426220858.00ac52b0@pop.theworld.com>
X-Sender: dpj@pop.theworld.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Fri, 26 Apr 2002 22:50:56 -0400
To: The IESG <iesg-secretary@ietf.org>
From: David Jablon <dpj@theworld.com>
Subject: Re: Document Action: iSCSI Requirements and Design Considerations to Informational
Cc: ips@ece.cmu.edu, mankin@ISI.EDU, sob@harvard.edu
In-Reply-To: <200204252056.QAA05569@ietf.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ips@ece.cmu.edu
Precedence: bulk
Regarding the security requirements in <http://www.ietf.org/internet-drafts/draft-ietf-ips-iscsi-reqmts-06.txt> ... Section 6.2 draws a curious and potentially dangerous distinction between active and passive attacks. It states that the authentication protocol MUST be resilient to passive attacks, implying that the protocol MAY permit active attacks. This is generally not a acceptable practice in security or cryptographic protocol design. Generally speaking, on IP networks, someone who can read packets can also send packets. A simple fix is to remove the distinction in 6.2 between active and passive attacks, as in: "6.2 ... The iSCSI authenticated login MUST be resilient against attacks. ..." If one chooses to discriminate in this document between active and passive attacks, going against common wisdom, I would think that one *must* justify within the document exactly what distinction is being made and why. I think that the IPS WG discussed valid reasons why one might want to protect the authentication packets to a higher degree than session data packets. On the other hand, I heard no particularly good reason why active attacks would be categorically impossible in the common settings where passive attacks would be possible. I also have a small editorial comment on page 2: >Conventions used in this document > > This document describes the requirements for a protocol design, but > does define a protocol standard. ... I presume this should really say "does not define a protocol standard". -- David At 04:56 PM 4/25/02 -0400, The IESG wrote: >The IESG has approved the Internet-Draft 'iSCSI Requirements and Design >Considerations' <draft-ietf-ips-iscsi-reqmts-06.txt> as an >Informational RFC. This document is the product of the IP Storage >Working Group. The IESG contact persons are Allison Mankin and Scott >Bradner.
- Document Action: iSCSI Requirements and Design Co… The IESG
- Re: Document Action: iSCSI Requirements and Desig… David Jablon
- Re: Document Action: iSCSI Requirements and Desig… Bill Studenmund