RE: Security Use Requirements (and security issue with iSCSI boot deployment)

To: "Prasenjit Sarkar" <psarkar@almaden.ibm.com>
Subject: RE: Security Use Requirements (and security issue with iSCSI boot deployment)
From: "Bernard Aboba" <aboba@internaut.com>
Date: Fri, 9 Feb 2001 08:44:30 -0800
Cc: "Glen Turner" <glen.turner@aarnet.edu.au>, <Black_David@emc.com>, <rja@inet.org>, "Julian Satran" <Julian_Satran@il.ibm.com>, <ips@ece.cmu.edu>, "Ofer Biran" <BIRAN@il.ibm.com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;charset="us-ascii"
Importance: Normal
In-Reply-To: <OF1CC608D2.393F8060-ON882569EE.002542F3@LocalDomain>
Sender: owner-ips@ece.cmu.edu

>Short of digitally signing every block, a practical way out is to for each
>loaded image to verify the integrity of the subsequent image to be loaded
(if any).

The PXE approach is to sign the entire boot image, and verify the signature
using
a public key that was pre-loaded into the PC, typically by the OEM (on the
customer's behalf). If you need this kind of code signing from the start,
then
you'll need to include that capability in the initial boot image that you
retrieve via PXE. As you've stated, that initial boot image should include
iSCSI driver support.

References:
- RE: Security Use Requirements (and security issue with iSCSI bootdeployment)
  - From: "Prasenjit Sarkar" <psarkar@almaden.ibm.com>

Prev by Date: RE: Security Use Requirements
Next by Date: RE: Security Use Requirements
Prev by thread: RE: Security Use Requirements (and security issue with iSCSI bootdeployment)
Next by thread: iSCSI: Security Enviornments
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:05:32 2001
6315 messages in chronological order