RE: iSCSI Some Thoughts on Digests

["Bernard Aboba" <aboba@internaut.com>]

>Could you explain how the requirement for a 32 bit end to end CRC 
>for TCP 

Oh, so we're talking about *another* change to TCP?

>IPsec in situations where it would otherwise not be needed (e.g.,
>the cryptography is not necessary)?  

I suppose this begs the question of "when is security needed" for
iSCSI. My own take on this is that as soon as you move from the realm of
a private SAN and start using routable addresses, you need
per-packet authentication and integrity protection. The threat
of spoofed iSCSI commands seems very considerable to me in the
case where the storage controller is reachable over the Internet.

BTW, it's not entirely clear to me that all private addressing
cases are immune either; note that the ZEROCONF prefix 
169.254/16 is not recognized by many routers today, which will
happily forward packets to or from this prefix, even though
that is forbidden.

>10 Gigabit Ethernet is coming.  Do the chipset designer have another
>order of magnitude performance gain up their sleeves?

I'll let the hardware designers speak to this one. But my understanding
is that they have been making substantial progress.