|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: iSCSI Security rough consensus> Does this consensus mean that the iSCSI header and data CRCs > are no longer part of the specification, or are we > still requiring one or the other or both? Repeat after me: "CRCs are not security mechanisms" ;-) ;-), and see the previous email on this list about the consequences of WEP trying to use CRCs in this fashion. Yes, CRCs are still required for data integrity (e.g., when ESP is not present). If one knows that ESP with its keyed HMAC is being used in the stack between TCP and IP, then it would make sense not to use CRCs at the iSCSI level, hence they're required to implement, but configurable to use (which will also be the case for ESP). This may not always be possible, as one of the things mentioned in the meeting is that if the IPSec implementation is independent of iSCSI (e.g., supplied as part of the OS), there's no general standard way for iSCSI to figure out that IPSec is there or what it's doing to traffic on any particular iSCSI connection. Thanks, --David --------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 42 South St., Hopkinton, MA 01748 +1 (508) 435-1000 x75140 FAX: +1 (508) 497-8500 black_david@emc.com Mobile: +1 (978) 394-7754 ---------------------------------------------------
Home Last updated: Tue Sep 04 01:04:47 2001 6315 messages in chronological order |