SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSCSI Security rough consensus



    > Sure would be nice if we could make up our minds and just
    >  implement one mechanism.
    >
    >   Here we have two mechanisms (iSCSI header/data integrity
    >   and ESP) which are both mandatory to implement and 
    >   optional to use. Since ESP seems like a superset why not
    >   just have that and get rid of the "integrity only" iSCSI
    >   CRC mechanism.
    
    It sure would be nice, and in fact we had almost
    exactly this discussion later in the evening as
    part of the error recovery section of the agenda.
    The fly in the ointment is that the HMAC integrity
    algorithm that is at the core of ESP's integrity
    support is considerably more expensive (software
    or hardware) than a CRC, and this isn't likely
    to improve as I understand things.  I would expect
    to see implementations with ESP completely in
    software and visible performance impacts.
    
    I really need to get the meeting minutes written up :-).
    
    Thanks,
    --David
    
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
    black_david@emc.com       Mobile: +1 (978) 394-7754
    ---------------------------------------------------
    
    


Home

Last updated: Tue Sep 04 01:04:47 2001
6315 messages in chronological order