Capability must contain LU designation descriptor

Ralph Weber roweber at
Sat Mar 8 17:50:59 PST 2008

* From the T10 Reflector (t10 at, posted by:
* Ralph Weber <roweber at>
Sivan Tal wrote:
> <snip>
> Comment 2:
> A flaw in 07-454r5 that I suggest fixing here. In (RECEIVE
> CREDENTIAL decrypted parameter data) it says that "The contents of the CbCS
> capability descriptor are defined in". That's right, but there's
> more to it. The Designation Descriptor field in that Capability descriptor
> shall match the one in the RECEIVE CREDENTIAL command parameter.
> Comment 3:
> The requirement specified in comment 2 provides that any credential
> prepared by a Security Manager will have designation type NAA (because
> that's the only one allowed in the request). However, since the standard
> provides for self-generated credentials (see the BASIC CbCS method), I
> suggest requiring NAA in the Capability Designation Descriptor field in
> (CbCS capability descriptor).
> <big snip>
I am at a loss as to how to address these two comments, based on the
following definition of the capability designation descriptor field
in 07-454r5:
"The format of the Designation descriptor field is defined by the
value of the DESIGNATION TYPE field. The size of the Designation
descriptor shall not exceed 36 bytes. If the value of the DESIGNATION
TYPE field is 2h (i.e., MAM Attribute descriptor) and the ATTRIBUTE
IDENTIFIER within the MAM Attribute contains any value other than 0401h
(MEDIUM SERIAL NUMBER), this command shall be terminated with a CHECK
CONDITION status, with the sense key set to ILLEGAL REQUEST, and the
additional sense code set to INVALID FIELD IN CDB."
If I force the capability designation descriptor to identically equal
the CDB designation descriptor, then the capability designation
descriptor does not contain a MAM attribute (and as near as I can
tell the capability stops identifying a volume).
If I attempt to put both the CDB designation descriptor and the
CDB MAM attribute into the capability designation descriptor,
the 57 bytes of necessary data overflows the 36 bytes that are
permitted by the capability format definition.
All the best,
* For T10 Reflector information, send a message with
* 'info t10' (no quotes) in the message body to majordomo at

More information about the T10 mailing list