RE: iSCSI Security rough consensus

To: Black_David@emc.com
Subject: RE: iSCSI Security rough consensus
From: Bernard Aboba <aboba@internaut.com>
Date: Wed, 16 May 2001 01:47:12 -0700 (PDT)
cc: jtseng@NishanSystems.com, biran@il.ibm.com, ips@ece.cmu.edu
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <0F31E5C394DAD311B60C00E029101A070801557C@corpmx9.isus.emc.com>
Sender: owner-ips@ece.cmu.edu

> minimum, a draft specifying the details sufficient to allow review
> by security experts is necessary, and then what to do with that
> draft becomes something for the WG to take up.  Ok?
> 

Do we have a set of guidelines about what this draft is supposed to
achieve? For example:

1. Do we need to support negotiation of SRP prime modulus/generator
groups from within the standard set? 

2. Do we need to generate keying material for Phase 1 as well as Phase 2
SAs? 

3. Do we need to support rekeys?

4. Do we need to support ciphersuite negotiations?

5. Is there a need to negotiate filters? 

6. Is there a need for concealment of identities?

In other words, how much of IKE are you willing to throw away? While a lot
of IKE complexity is due to artifacts of now discarded layering, a lot of
it is also due to the generality of what it tries to achieve. If you want
less features, you can get a lighter weight protocol...

References:
- RE: iSCSI Security rough consensus
  - From: Black_David@emc.com

Prev by Date: RE: iSCSI Security rough consensus
Next by Date: Re: iSCSI: Aggregation tags in SendTargets
Prev by thread: RE: iSCSI Security rough consensus
Next by thread: RE: iSCSI Security rough consensus
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:04:41 2001
6315 messages in chronological order