RE: Security Use Requirements

To: jtseng@NishanSystems.com, Black_David@emc.com
Subject: RE: Security Use Requirements
From: Black_David@emc.com
Date: Thu, 8 Feb 2001 09:59:54 -0500
Cc: ips@ece.cmu.edu
Content-Type: text/plain
Sender: owner-ips@ece.cmu.edu

> > 	It isn't enough to just point to existing security mechanisms and
> > 	say "use these".  It's necessary to say how to use them with
> > 	the protocol and what other assumptions must be true in order
> > 	to achieve the desired security properties - some of these
> > 	assumptions will be requirements on other components/protocols
> > 	in the environment.
> 
> Thanks, and the point I'm trying to make is that iSCSI and IPSec/IKE can
> pretty much work independently, with no compromise to security.  Having
> IPSec and/or IKE become involved in iSCSI (or vice-versa) will increase
> complexity while adding little additional value.

I think Josh and I are in violent agreement on this.  In particular, I don't
see
any need to put WWUIs into IPSec/IKE or X.509 certificates.  Mechanisms
like iSNS can handle the mapping between the various sort of identities,
provided that iSNS is suitably secure.

OTOH, there's a lot of work needed on the security text in the current
iSCSI draft -- for example, Josh describes certificates and iSNS as being
able to prevent certain attacks on key distribution, but the current iSCSI
draft is basically silent on both subjects, and in particular does not
describe how one party in an iSCSI authentication interaction gets
its hands on the other's certificate to check it (which is generally
a good thing to be able to do when certificates are used).

The specific answer to:

> The point is that IPSec provides the PER PACKET data
> integrity/authentication and if desired, encryption.  The iSCSI login
> process provides authentication AND authorization of the communicating
> entities.  What more do you need?

is that it's necessary to ensure that there isn't a gap between iSCSI
authentication and IPSec authentication/integrity/confidentiality that
would allow the communication to be attacked without breaking IPSec.

Thanks,
--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
black_david@emc.com       Mobile: +1 (978) 394-7754
---------------------------------------------------

Follow-Ups:
- RE: Security Use Requirements
  - From: "Bernard Aboba" <aboba@internaut.com>
- Re: Security Use Requirements [specifically: hardware]
  - From: csapuntz@cisco.com

Prev by Date: RE: Security Use Requirements
Next by Date: FCIP - Orlando Interim Summary
Prev by thread: RE: Security Use Requirements
Next by thread: Re: Security Use Requirements [specifically: hardware]
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:05:33 2001
6315 messages in chronological order