SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSCSI Security rough consensus



    > Does this consensus mean that the iSCSI header and data CRCs
    > are no longer part of the specification, or are we
    > still requiring one or the other or both?
    
    Repeat after me: "CRCs are not security mechanisms" ;-)
    ;-), and see the previous email on this list about the
    consequences of WEP trying to use CRCs in this fashion.
    
    Yes, CRCs are still required for data integrity (e.g.,
    when ESP is not present).  If one knows that ESP with
    its keyed HMAC is being used in the stack between TCP and
    IP, then it would make sense not to use CRCs at the iSCSI
    level, hence they're required to implement, but configurable
    to use (which will also be the case for ESP).  This may
    not always be possible, as one of the things mentioned
    in the meeting is that if the IPSec implementation is
    independent of iSCSI (e.g., supplied as part of the OS),
    there's no general standard way for iSCSI to figure out
    that IPSec is there or what it's doing to traffic on any
    particular iSCSI connection.
    
    Thanks,
    --David
    
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
    black_david@emc.com       Mobile: +1 (978) 394-7754
    ---------------------------------------------------
    
    


Home

Last updated: Tue Sep 04 01:04:47 2001
6315 messages in chronological order