RE: Security Use Requirements

>TLS affords the capability of securely communicating through
>proxies.

I think you mean NATs, no? Not sure how you'd proxy SSL without terminating a TCP connection.

>On the other hand, IPSec is a real pain to get through
>firewalls.

If you're talking strictly about a firewall, not a NAT, I'm not sure why there'd be a difference. For IPSEC you need to open up protocols 50/51, and UDP 500. For SSL/TLS you need to open up a single TCP port for the application. Either way, you probably need to restrict communication to iSCSI targets with appropriate negotiation policies installed.

>If we decide that iSCSI doesn't need to go through
>firewalls, then we could let go of TLS.

BTW, I'd note that the IPSEC WG is currently taking up the issue of IPSEC address dependencies and that several proposals have been put forward. So I wouldn't rule out being able to traverse NATs with IPSEC at some point in the future. Unfortunately, however, all of those proposals interfere with the ability to do HW acceleration :(
Last updated: Tue Sep 04 01:05:32 2001