Re: Document Action: iSCSI Requirements and Design Considerations to Informational

David Jablon <dpj@theworld.com> Fri, 26 April 2002 22:18 UTC

Date: Fri, 26 Apr 2002 22:50:56 -0400
To: The IESG <iesg-secretary@ietf.org>
From: David Jablon <dpj@theworld.com>
Subject: Re: Document Action: iSCSI Requirements and Design Considerations to Informational
Cc: ips@ece.cmu.edu, mankin@ISI.EDU, sob@harvard.edu

Regarding the security requirements in
<http://www.ietf.org/internet-drafts/draft-ietf-ips-iscsi-reqmts-06.txt> ...

Section 6.2 draws a curious and potentially dangerous distinction between
active and passive attacks.  It states that the authentication protocol MUST
be resilient to passive attacks, implying that the protocol MAY permit
active attacks.

This is generally not an acceptable practice in security or cryptographic
protocol design.  Generally speaking, on IP networks, someone who
can read packets can also send packets.

A simple fix is to remove the distinction in 6.2 between active and
passive attacks, as in:

        "6.2 ...  The iSCSI authenticated login MUST be resilient against 
        attacks.  ..." 

If one chooses to discriminate in this document between active and
passive attacks, going against common wisdom, I would think that
one *must* justify within the document exactly what distinction is
being made and why.

I think that the IPS WG discussed valid reasons why one might want
to protect the authentication packets to a higher degree than session
data packets.  On the other hand, I heard no particularly good reason
why active attacks would be categorically impossible in the common
settings where passive attacks would be possible.

I also have a small editorial comment on page 2:

>Conventions used in this document 
>    
>   This document describes the requirements for a protocol design, but 
>   does define a protocol standard. ...

I presume this should really say "does not define a protocol standard".

-- David


At 04:56 PM 4/25/02 -0400, The IESG wrote:

>The IESG has approved the Internet-Draft 'iSCSI Requirements and Design
>Considerations' <draft-ietf-ips-iscsi-reqmts-06.txt> as an
>Informational RFC.  This document is the product of the IP Storage
>Working Group.  The IESG contact persons are Allison Mankin and Scott
>Bradner.