
    RE: Security Use Requirements



    
    
    Bernard,
    
    No, the initiator port is different (the TCP connections are disjoint).
    
    However this brings with it another issue. Separate connections (even
    within the same session) can have different security - and this is not a
    useless feature e.g., a private link with a backup public link.
    In other environments you have links with similar needs. Does IPSec
    provide a replication mechanism for security contexts?
    
    Regards,
    Julo
    
    "Bernard Aboba" <aboba@internaut.com> on 09/02/2001 18:32:31
    
    Please respond to "Bernard Aboba" <aboba@internaut.com>
    
    To:   Black_David@emc.com, jtseng@NishanSystems.com
    cc:   ips@ece.cmu.edu
    Subject:  RE: Security Use Requirements
    
    
    
    
    >iSCSI envisions and allows multiple targets behind a single IP
    >address and TCP port.  The targets are named (via WWUIs) in a
    >fashion that neither IPsec nor TLS can be expected to understand
    
    Let me make sure I understand this. You will have multiple
    SCSI authentications to the same target IP address and port.
    Does the initiator port vary between them or is that the
    same too?
    
    If the same initiator port is used, I think there
    will be a problem. How would the conversants know which IPSEC QM SA
    to use to send a particular transaction? On outbound, from
    the point of view of the IPSEC driver, it sees a packet
    come down with a given IP and transport header. Based on this
    information, it decides which IKE QM SA the packet belongs
    to, if any. So the driver has no notion of WWUIs, and needs
    to make its decision purely based on the IP and transport
    headers. If there isn't anything in there that is different
    between the QM SAs, the driver will pick one, but it might
    not be the right one.
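
Added example, not part of either message above and not code from any IPsec implementation: a simplified model of the outbound lookup described in the quoted message, where the driver sees only the IP and transport headers. The addresses, ports and SA labels are constructed, and `QuickModeSA`, `Packet` and `select_outbound` are hypothetical names.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

@dataclass(frozen=True)
class QuickModeSA:
    label: str                # example label only; a real SA is identified by its SPI
    src_ip: str
    src_port: Optional[int]   # None acts as a wildcard
    dst_ip: str
    dst_port: Optional[int]
    proto: str = "tcp"

    def matches(self, p: Packet) -> bool:
        # Only header fields are available here; names such as WWUIs are not.
        return (self.proto == p.proto
                and self.src_ip == p.src_ip and self.dst_ip == p.dst_ip
                and self.src_port in (None, p.src_port)
                and self.dst_port in (None, p.dst_port))

def select_outbound(sas: List[QuickModeSA], pkt: Packet) -> Tuple[str, List[str]]:
    """Return a verdict plus the labels of every SA whose selectors match."""
    hits = [sa.label for sa in sas if sa.matches(pkt)]
    verdict = {0: "no-sa", 1: "unique"}.get(len(hits), "ambiguous")
    return verdict, hits

# Constructed sample values (documentation address range, assumed ports).
INITIATOR, TARGET, ISCSI_PORT = "192.0.2.10", "192.0.2.20", 3260

# Disjoint TCP connections: the initiator port differs per connection.
DISJOINT = [QuickModeSA("sa-conn-1", INITIATOR, 40001, TARGET, ISCSI_PORT),
            QuickModeSA("sa-conn-2", INITIATOR, 40002, TARGET, ISCSI_PORT)]
# Same initiator port: two SAs meant for different named targets share selectors.
SHARED = [QuickModeSA("sa-target-A", INITIATOR, 40001, TARGET, ISCSI_PORT),
          QuickModeSA("sa-target-B", INITIATOR, 40001, TARGET, ISCSI_PORT)]

def demo():
    pkt = Packet(INITIATOR, 40001, TARGET, ISCSI_PORT)
    return select_outbound(DISJOINT, pkt), select_outbound(SHARED, pkt)

if __name__ == "__main__":
    for verdict, labels in demo():
        print(verdict, labels)
```
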
    
    
    
    


Last updated: Tue Sep 04 01:05:32 2001