SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSCSI Security rough consensus



    I read this as violent agreement with what
    I posted.  Thanks, --David
    
    > -----Original Message-----
    > From:	Joshua Tseng [SMTP:jtseng@nishansystems.com]
    > Sent:	Friday, May 04, 2001 3:30 PM
    > To:	'Black_David@emc.com'; ips@ece.cmu.edu
    > Subject:	RE: iSCSI Security rough consensus
    > 
    > See below:
    > > 
    > > By comparison to full IPSec with IKE, using
    > > SRP to key ESP does not improve security.
    > > The underlying issue is IKE complexity (i.e.,
    > > the code and effort required to implement it).
    > > 
    > > Hence the rationale for using SRP to key
    > > ESP is that it provides dynamic key
    > > generation without implementing IKE -- this
    > > is an improvement over pre-shared keys at
    > > a much lower code and effort cost for a
    > > single-box (i.e., no external security gateway)
    > > implementation.
    > 
    > What I think I'm hearing you say is that you
    > are evaluating whether to REQUIRE SRP keying of
    > ESP/IPSec because its easier to do than IKE.
    > If so, then in the first place, I don't think that
    > is an appropriate justification for a requirement.
    > In the second place, I'm not sure I even agree with
    > that statement--there are many off-the-shelf IKE
    > implementations which can be easily leveraged for
    > iSCSI with little or no modification.  IKE doesn't
    > need to be conscious of the application (i.e., iSCSI)
    > being protected by IPSec.
    > 
    > I also agree with Bernard that this issue is not
    > specific to iSCSI, and belongs in the security WG.
    > 
    > Josh
    > > 
    > > Thanks,
    > > --David
    > > 
    > > ---------------------------------------------------
    > > David L. Black, Senior Technologist
    > > EMC Corporation, 42 South St., Hopkinton, MA  01748
    > > +1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
    > > black_david@emc.com       Mobile: +1 (978) 394-7754
    > > ---------------------------------------------------
    > > 
    


Home

Last updated: Tue Sep 04 01:04:47 2001
6315 messages in chronological order