Return-Path: <owner-ips@ece.cmu.edu>
X-Sieve: cmu-sieve 2.0
Return-Path: <owner-ips@ece.cmu.edu>
Received: (from majordom@localhost)
	by ece.cmu.edu (8.11.0/8.10.2) id h0FKAeh08451
	for ips-outgoing; Wed, 15 Jan 2003 15:10:40 -0500 (EST)
X-Authentication-Warning: ece.cmu.edu: majordom set sender to owner-ips@ece.cmu.edu using -f
Received: from lion.ninthwonder.com (lion.ninthwonder.com [151.199.66.147])
	by ece.cmu.edu (8.11.0/8.10.2) with ESMTP id h0FKAZW08446
	for <ips@ece.cmu.edu>; Wed, 15 Jan 2003 15:10:36 -0500 (EST)
Received: by lion.ninthwonder.com (Postfix, from userid 1021)
	id 5AE263070C; Wed, 15 Jan 2003 15:10:35 -0500 (EST)
Date: Wed, 15 Jan 2003 12:06:05 -0800 (PST)
From: Bill Studenmund <wrstuden@wasabisystems.com>
X-X-Sender:  <wrstuden@candlekeep.home-net.internetconnect.net>
To: Paul Koning <pkoning@equallogic.com>
Cc: <Julian_Satran@il.ibm.com>, <ips@ece.cmu.edu>
Subject: Re: UNH Plugfest 5
In-Reply-To: <15909.34800.713734.598461@pkoning.dev.equallogic.com>
Message-ID: <Pine.NEB.4.33.0301151154270.531-100000@candlekeep.home-net.internetconnect.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ips@ece.cmu.edu
Precedence: bulk

On Wed, 15 Jan 2003, Paul Koning wrote:

> >>>>> "Julian" == Julian Satran <Julian_Satran@il.ibm.com> writes:
>
>  Julian> Paul, Initiators are required to implement authentication but
>  Julian> may use none. If the administrator insists that
>  Julian> authentication must be used with redirectors too the same
>  Julian> administrator will have to take care that the redirectors
>  Julian> have the required authentication.
>
>  Julian> The standard does not have to say anything about it..
>
>  Julian> We can't take the position of weakening always the security
>  Julian> of the redirector nor one of requiring everybody to follow a
>  Julian> stricter authetication.
>
> Do we want interoperability or don't we?  My view of standards is that
> they exist for the purpose of producing interoperability.

I think Julian's other note is correct; if an administrator chooses to
configure devices so they won't interoperate, that's his or her fault, not
ours.

> What you describe creates interop failures.  If the initiator wants to
> require authentication before redirect, that will fail unless the
> target supports that, but there's nothing in the standard requiring
> the target to do so.  So I have conforming implementations that can't
> talk to each other.  That's not a good idea.

I think one resolution would be to note that there are two different
styles of redirect, secured or immediate. Then, in the guide-to-
implementers, note that a target redirecter should (lower case should) be
configurable to do either.

> Why do you say "weakening...the security of the redirector"?  I don't
> see any security issue in sending the redirect before completing the
> authentication.  Bob Russell explained that in his original note.

While I think the redirect before completing security is fine, I can
imagine that some administrators won't like it, so I think we should
(conceptually) support both.

> If there were a security problem, I'd be the first to argue for
> requiring the authentication to be completed first.  But since there
> is none, why require it?  And if it's not required, why allow for
> configurations that break?
>
>        paul
>