SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSCSI Security rough consensus



    > Just for clarification, SRP is only one of several
    > "end-to-end iSCSI authentication mechanisms" listed
    > in the -06 draft.
    
    It's also the one that the interim meeting proposes to
    make MANDATORY to implement.  Based on what we
    can put in the iSCSI draft now, using IKE to key ESP
    is acceptable.
    
    > I think if SRP were not used to key IPSec, then IKE
    > would be needed.
    
    I don't believe that to be the case, although I'll defer to
    others on exactly how pre-shared keys are used.
    
    > On the other hand, if IKE were available,
    > why would we need SRP to key IPSec?
    
    I think this has been answered already.  SRP is end-to-end,
    ensuring that any SA it keys is end to end.  ESP in tunnel
    mode keyed by IKE need not be end-to-end because any
    intermediate security gateways will have IKE.
    
    --David
    
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
    black_david@emc.com       Mobile: +1 (978) 394-7754
    ---------------------------------------------------
    
    


Home

Last updated: Tue Sep 04 01:04:42 2001
6315 messages in chronological order