SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: Security Use Requirements



    > Many posts ago, there was mention of three levels of security for iSCSI
    >         
    >	1: none
    > 	2: iSCSI authentication
    >	3: tls or IPsec
    > 
    > these level seems to correspond to what is in the version 3 draft.
    >
    > The trend in the current discussion seems to be that security must be
    implemented.
    > Correct me if I am wrong, but I am under the impression that fibre channel
    currently
    > is used at level 1 (although there is CRC).  I was also under the
    impression that
    > one of the main motivations of iSCSI was the belief that ethernet would
    win over
    > Fibre Channel as a network technology and hence the desire to send SCSI
    over ethernet.
    
    Oh, I wish Sean hadn't gone there.  Fibre Channel has some rather weak
    authentication
    and access control mechanisms, but the current state of Fibre Channel
    security would
    never have made it past an IETF Area Director, let alone out as a
    standards-track RFC.
    Small scale Fibre Channel SANs provide valid arguments for choosing not to
    use
    security in some cases - larger scale Fibre Channel deployments are
    providing
    much stronger arguments for why security implementation should be mandatory,
    and there's quite a bit of work going on in the Fibre Channel world to do
    something
    about security after the fact.  In other words, Fibre Channel is not a valid
    analogy
    to argue about whether security should be mandatory to implement.
    
    Beyond that, Sean is correct that there are a lot of details are missing
    from the
    security section of the -03 draft, and that in general, specifying fewer
    mechanisms
    is preferable.
    
    --David
    
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
    black_david@emc.com       Mobile: +1 (978) 394-7754
    ---------------------------------------------------
    
    


Home

Last updated: Tue Sep 04 01:05:33 2001
6315 messages in chronological order