SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: iSCSI Security Protocol



    Hi Joshua,
    
    Mark Bakke, Kalman Meth, Costa and I are now working on the new scheme of
    security within the iSCSI. The key points so far are:
    
    For full security (authentication and encryption) use external protocol, e.g.,
    IPsec. You can define an IPsec policy for encrypting everything (not feasible
    for most cases) or just the first 48 bytes (headers) and so on.
    
    However, IPsec may cause some problems since it is IP oriented (connection
    oriented and not session oriented). Moreover, you are forcing the client to have
    IPsec, which is not always true.
    
    The security scheme in the iSCSI draft includes authorization and
    authentication. The authorization is done in the login phase with the
    negotiation (detailed in the draft), and authentication is achieved by a trailer
    that checks the integrity of the data and the header (either simple CRC or some
    mac algorithm).
    
    Everything is flexible and negotiable.
    
    I hope we release the new draft very soon.
    
    Regards,
    
    Yaron
    
    Joshua Tseng wrote:
    
    > I just did a brief review of the document draft-klein-iscsi-security-00.txt.
    > What is the current consensus (if any) on this document?  Is there
    > agreement to use SSH as the security mechanism for iSCSI?
    >
    > Josh
    
    


Home

Last updated: Tue Sep 04 01:07:08 2001
6315 messages in chronological order