RE: iSCSI Security rough consensus

> I do not understand what a requirement for SRP to
> generate keys for ESP/IPSec would add to security,
> especially if IPSec and iSCSI are implemented on the
> same box. Could you summarize why this recommendation
> was made? (unfortunately, I missed this part of the
> meeting to catch a plane)

By comparison to full IPSec with IKE, using SRP to key ESP
does not improve security. The underlying issue is IKE
complexity (i.e., the code and effort required to implement
it). Hence the rationale for using SRP to key ESP is that
it provides dynamic key generation without implementing
IKE -- this is an improvement over pre-shared keys at a
much lower code and effort cost for a single-box (i.e.,
no external security gateway) implementation.

Thanks,
--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA 01748
+1 (508) 435-1000 x75140 FAX: +1 (508) 497-8500
black_david@emc.com Mobile: +1 (978) 394-7754
---------------------------------------------------
Last updated: Tue Sep 04 01:04:47 2001