SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: Security Use Requirements



    Bernard Aboba wrote:
    > >I haven't heard anyone strongly request this. Hopefully
    > >another body will handle this within the SCSI layer.  If
    > >there is demand I would suggest looking at how the NFSv4 WG
    > >handled this using GSSAPI.  But I personally think that is
    > >overkill for iSCSI.
    > 
    > Are you saying that we *don't* need to worry about multiple
    > SCSI authentications to the same target IP address and port?
    > That would certainly simplify things.
    
    I can easily see a design that has multiple authentications
    on the same connection.  But I am going to argue that we
    resist it strongly. Unlike NFS where there are multiple
    principals on a node muxed over a single connection,
    SCSI tends to have just one principal (the node) over
    a connection. While I think that the SCSI community would
    like to move towards the more complex model, they will have to
    come up with a common model that will map to all the various
    transports which I hope will be above the transport layer.
    iSCSI can then just focus on securing the connection between
    two nodes and let SCSI deal with multiple authentications.
    
    I am curious if anyone else thinks we should try and tackle
    the much harder problem at the iSCSI layer?
    
    	-David
    


Home

Last updated: Tue Sep 04 01:05:32 2001
6315 messages in chronological order