RE: iSCSI Some Thoughts on Digests

[Black_David@emc.com]

Bernard,

> >Jim,I think your analysis is based on links only.  The problem that was
to be
> >solved was the problem of travel through Routers, Switches, and Gateways.
> >These are generally unprotected paths.  So there are, in general, no CRC
of
> >any kind being applied to the data that is being passed from one port to
> >another.  The proposed Digest is mainly to protect against this problem.
> 
> Well, this might be an argument for a cryptographic message
> integrity check (MIC) (e.g. IPSEC AH/ESP null), but do you really
> think that there is a justification for an application-specific MIC?

That seems like the wrong question.  The issue that John describes is
real, and crucial for storage (e.g., Fibre Channel has a 32 bit end to end
CRC for this reason, among others).  Could you explain how the
requirement for a 32 bit end to end CRC for TCP justifies rolling out
IPsec in situations where it would otherwise not be needed (e.g.,
the cryptography is not necessary)?  This sort of use of IPsec
 strikes me as serious overkill.  Yes, I know SCTP has the
required checksum ... the issue is TCP.

> BTW, I'm told that chipsets will soon exist that will be capable of
> 1 Gbps throughput with IPSEC AH/ESP null, so speed should not be a
> concern.

10 Gigabit Ethernet is coming.  Do the chipset designer have another
order of magnitude performance gain up their sleeves?

--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
black_david@emc.com       Mobile: +1 (978) 394-7754
--------------------------------------------------