|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI Security ProtocolHi Joshua, Mark Bakke, Kalman Meth, Costa and I are now working on the new scheme of security within the iSCSI. The key points so far are: For full security (authentication and encryption) use external protocol, e.g., IPsec. You can define an IPsec policy for encrypting everything (not feasible for most cases) or just the first 48 bytes (headers) and so on. However, IPsec may cause some problems since it is IP oriented (connection oriented and not session oriented). Moreover, you are forcing the client to have IPsec, which is not always true. The security scheme in the iSCSI draft includes authorization and authentication. The authorization is done in the login phase with the negotiation (detailed in the draft), and authentication is achieved by a trailer that checks the integrity of the data and the header (either simple CRC or some mac algorithm). Everything is flexible and negotiable. I hope we release the new draft very soon. Regards, Yaron Joshua Tseng wrote: > I just did a brief review of the document draft-klein-iscsi-security-00.txt. > What is the current consensus (if any) on this document? Is there > agreement to use SSH as the security mechanism for iSCSI? > > Josh
Home Last updated: Tue Sep 04 01:07:08 2001 6315 messages in chronological order |