|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: iSCSI Security rough consensus> Just for clarification, SRP is only one of several > "end-to-end iSCSI authentication mechanisms" listed > in the -06 draft. It's also the one that the interim meeting proposes to make MANDATORY to implement. Based on what we can put in the iSCSI draft now, using IKE to key ESP is acceptable. > I think if SRP were not used to key IPSec, then IKE > would be needed. I don't believe that to be the case, although I'll defer to others on exactly how pre-shared keys are used. > On the other hand, if IKE were available, > why would we need SRP to key IPSec? I think this has been answered already. SRP is end-to-end, ensuring that any SA it keys is end to end. ESP in tunnel mode keyed by IKE need not be end-to-end because any intermediate security gateways will have IKE. --David --------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 42 South St., Hopkinton, MA 01748 +1 (508) 435-1000 x75140 FAX: +1 (508) 497-8500 black_david@emc.com Mobile: +1 (978) 394-7754 ---------------------------------------------------
Home Last updated: Tue Sep 04 01:04:42 2001 6315 messages in chronological order |