Re: [storm] iSCSI Node Name for SCSI (composite) Device
Mallikarjun Chadalapaka <cbm@chadalapaka.com> Fri, 09 September 2011 17:18 UTC
Return-Path: <cbm@chadalapaka.com>
X-Original-To: storm@ietfa.amsl.com
Delivered-To: storm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D0A121F86A1 for <storm@ietfa.amsl.com>; Fri, 9 Sep 2011 10:18:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.481
X-Spam-Level:
X-Spam-Status: No, score=-2.481 tagged_above=-999 required=5 tests=[AWL=0.118, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v0jdxqvBo4rm for <storm@ietfa.amsl.com>; Fri, 9 Sep 2011 10:18:50 -0700 (PDT)
Received: from snt0-omc3-s49.snt0.hotmail.com (snt0-omc3-s49.snt0.hotmail.com [65.54.51.86]) by ietfa.amsl.com (Postfix) with ESMTP id C591821F84AC for <storm@ietf.org>; Fri, 9 Sep 2011 10:18:50 -0700 (PDT)
Received: from SNT131-DS16 ([65.55.90.135]) by snt0-omc3-s49.snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Fri, 9 Sep 2011 10:20:46 -0700
X-Originating-IP: [131.107.0.94]
X-Originating-Email: [cbm@chadalapaka.com]
Message-ID: <SNT131-ds162A51A37B722314E4A657A0010@phx.gbl>
From: Mallikarjun Chadalapaka <cbm@chadalapaka.com>
To: Paul_Koning@Dell.com, david.black@emc.com, storm@ietf.org
References: <SNT131-ds428634E0048BE2FF6E211A0010@phx.gbl> <09787EF419216C41A903FD14EE5506DD0153553162@AUSX7MCPC103.AMER.DELL.COM> <7C4DFCE962635144B8FAE8CA11D0BF1E058B27F43A@MX14A.corp.emc.com> <09787EF419216C41A903FD14EE5506DD0153553344@AUSX7MCPC103.AMER.DELL.COM>
In-Reply-To: <09787EF419216C41A903FD14EE5506DD0153553344@AUSX7MCPC103.AMER.DELL.COM>
Date: Fri, 09 Sep 2011 10:20:45 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHcB5FMbu7wlS83v+5mHU2fGlTdDQIzT/PsAfI8+WcCE96SQpT0TiAg
Content-Language: en-us
X-OriginalArrivalTime: 09 Sep 2011 17:20:46.0062 (UTC) FILETIME=[CFA4E0E0:01CC6F14]
Subject: Re: [storm] iSCSI Node Name for SCSI (composite) Device
X-BeenThere: storm@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Storage Maintenance WG <storm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/storm>, <mailto:storm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/storm>
List-Post: <mailto:storm@ietf.org>
List-Help: <mailto:storm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/storm>, <mailto:storm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Sep 2011 17:18:51 -0000
Paul, thanks for the feedback. From the new requirement text, I will also add a cross-reference to the section 9.2.1 text that David cited, to make this clear. Mallikarjun -----Original Message----- From: storm-bounces@ietf.org [mailto:storm-bounces@ietf.org] On Behalf Of Paul_Koning@Dell.com Sent: Friday, September 09, 2011 7:49 AM To: david.black@emc.com; storm@ietf.org Subject: Re: [storm] iSCSI Node Name for SCSI (composite) Device Ok, so that means that, in this case at least, it must be possible for the CHAP name to be different from the iSCSI name. That's certainly always a possibility but it also seems likely that people would take the shortcut of making them match -- here you can't do that. The text you quoted should be sufficient to alert implementers to that consideration. paul -----Original Message----- From: david.black@emc.com [mailto:david.black@emc.com] Sent: Friday, September 09, 2011 9:02 AM To: Koning, Paul; storm@ietf.org Subject: RE: [storm] iSCSI Node Name for SCSI (composite) Device > I'm wondering if this creates an issue with CHAP based authentication. > Assuming the node name is the CHAP username, you'd have a CHAP secret > associated with that name. Since there are two roles, it means the > same secret is used for both directions, which violates an explicit prohibition in the existing spec (because it enables reflection attacks). > > Is that not an issue here, or is it one that can be avoided by > additional constraints? If so it would be worth spelling out how. That's definitely a valid concern, but one that has already been taken care of - the following sentence is from Section 8.2.1 of RFC 3720, and has been carried over to Section 9.2.1 of the consolidated draft: Also, if an iSCSI implementation can function as both initiator and target, different CHAP secrets and identities MUST be configured for these two roles. Thanks, --David > -----Original Message----- > From: storm-bounces@ietf.org [mailto:storm-bounces@ietf.org] On Behalf > Of Paul_Koning@Dell.com > Sent: Friday, September 09, 2011 6:50 AM > To: cbm@chadalapaka.com; storm@ietf.org > Subject: Re: [storm] iSCSI Node Name for SCSI (composite) Device > > I'm wondering if this creates an issue with CHAP based authentication. > Assuming the node name is the CHAP username, you'd have a CHAP secret > associated with that name. Since there are two roles, it means the > same secret is used for both directions, which violates an explicit prohibition in the existing spec (because it enables reflection attacks). > > Is that not an issue here, or is it one that can be avoided by > additional constraints? If so it would be worth spelling out how. > > paul > > -----Original Message----- > From: storm-bounces@ietf.org [mailto:storm-bounces@ietf.org] On Behalf > Of Mallikarjun Chadalapaka > Sent: Thursday, September 08, 2011 9:41 PM > To: storm@ietf.org > Subject: [storm] iSCSI Node Name for SCSI (composite) Device > > In reviewing some editorial feedback received offline, we have > identified a potential misalignment between SAM-5 and iSCSI. And it > turns out we can address it with a simple requirement, which the drafts' authors wanted to surface to the list. > > SAM-5 models SCSI Device Name as an attribute of a SCSI Device class, > even if the SCSI Device is a composite device containing a SCSI Initiator Device > and a SCSI Target Device. iSCSI in contrast models an iSCSI Initiator Name > as an attribute of iSCSI Initiator Node, and models iSCSI Target Name as that for iSCSI Target Node. > As the new consolidated draft now explicitly allows iSCSI Nodes to be > SCSI composite Devices, we just need to make sure that a SCSI > (composite) Device in iSCSI transport domain would only have one SCSI Device Name. > > This can be accomplished by adding the following requirement to the > consolidated draft: whenever an iSCSI Node contains an iSCSI Initiator > Node and an iSCSI Target Node, the iSCSI Initiator Name MUST be the > same as the iSCSI Target Name for the contained Nodes such that there is only one iSCSI Node Name for the iSCSI Node overall. > > Please let the list know if you have concerns, or questions about this > approach. Assuming WG consensus on this, we plan to get this - and > any related text updates in both drafts - into the next revisions at the end of the Last Call. > > Thanks. > > Mallikarjun (for all the authors) > > > > > > > _______________________________________________ > storm mailing list > storm@ietf.org > https://www.ietf.org/mailman/listinfo/storm > _______________________________________________ > storm mailing list > storm@ietf.org > https://www.ietf.org/mailman/listinfo/storm _______________________________________________ storm mailing list storm@ietf.org https://www.ietf.org/mailman/listinfo/storm
- Re: [storm] iSCSI Node Name for SCSI (composite) … Paul_Koning
- [storm] iSCSI Node Name for SCSI (composite) Devi… Mallikarjun Chadalapaka
- Re: [storm] iSCSI Node Name for SCSI (composite) … david.black
- Re: [storm] iSCSI Node Name for SCSI (composite) … Paul_Koning
- Re: [storm] iSCSI Node Name for SCSI (composite) … Mallikarjun Chadalapaka