RE: iSCSI Security rough consensus

To: Somesh Gupta <someshg@yahoo.com>
Subject: RE: iSCSI Security rough consensus
From: Bernard Aboba <aboba@internaut.com>
Date: Fri, 4 May 2001 15:44:46 -0700 (PDT)
cc: Black_David@emc.com, ips@ece.cmu.edu
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <NMEALCLOIBCHBDHLCMIJGEJICDAA.someshg@yahoo.com>
Sender: owner-ips@ece.cmu.edu

> > Yes, CRCs are still required for data integrity (e.g.,
> > when ESP is not present).  If one knows that ESP with
> > its keyed HMAC is being used in the stack between TCP and
> > IP, then it would make sense not to use CRCs at the iSCSI
> > level, hence they're required to implement, but configurable
> > to use (which will also be the case for ESP).

The issue here is where the data invalidation is coming from. If it is
occuring on the wire, then IPSEC will solve the problem and a CRC (or a
TCP checksum for that matter) is redundant. However, if it is occuring
later, then IPSEC may not be an appropriate solution, particularly since
acceleration technologies mean that IPSEC may be stripped off even before
the packet is moved off the interface for the first time. 

Ultimately the decision should rest on consideration of the
empirical evidence of where the problem is.

References:
- RE: iSCSI Security rough consensus
  - From: "Somesh Gupta" <someshg@yahoo.com>

Prev by Date: RE: iSCSI Security rough consensus
Next by Date: RE: iSCSI Security rough consensus
Prev by thread: RE: iSCSI Security rough consensus
Next by thread: RE: iSCSI Security rough consensus
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:04:46 2001
6315 messages in chronological order