Re: Security Considerations

To: Jim McGrath <Jim.McGrath@quantum.com>
Subject: Re: Security Considerations
From: David Robinson <David.Robinson@EBay.Sun.COM>
Date: Thu, 06 Jul 2000 17:39:12 -0700
CC: "'VonStamwitz, Paul'" <paulv@corp.adaptec.com>, ips@ece.cmu.edu, "'julian_satran@il.ibm.com'" <julian_satran@il.ibm.com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
Organization: Sun Microsystems, Inc.
References: <B7E2A2967AF7D211995B00805FA7E4DF01FE0651@milcmsgc.qntm.com>
Sender: owner-ips@ece.cmu.edu

Jim McGrath wrote:
> 
> For reference, what security is present today for NAS class products (e.g.
> those typically using a higher level protocol like NFS rather than SCSI)?
> 
> My impression (which I admit could be quite mistaken) is that we may be on a
> path of requiring a higher level of security for iSCSI than is warranted by
> alternative protocols.  Of course, enhancing security has its value, but
> since SCSI starts off with essentially no security, iSCSI is a poor protocol
> upon which to require lots of security.

The benchmark that iSCSI will have to meet is what is being done
in the NFSv4 WG.  Using the ONCRPC WG mechanisms based on GSSAPI
and RPCSEC_GSS they provide authentication, integrity, and privacy
using one of two manditory to implement mechanisms, Kerberos V5
and LIPKEY.

I suspect that if iSCSI doesn't address security to provide similar
capabilities it will not pass muster. Of course the security should
always be able to be negotiated to the desired levels.

	-David

References:
- RE: Security Considerations
  - From: Jim McGrath <Jim.McGrath@quantum.com>

Prev by Date: Re: draft q.
Next by Date: iSCSI has already been done before, sort of...
Prev by thread: RE: Security Considerations
Next by thread: RE: Security Considerations
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:08:10 2001
6315 messages in chronological order