|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: iSCSI Security rough consensus> minimum, a draft specifying the details sufficient to allow review > by security experts is necessary, and then what to do with that > draft becomes something for the WG to take up. Ok? > Do we have a set of guidelines about what this draft is supposed to achieve? For example: 1. Do we need to support negotiation of SRP prime modulus/generator groups from within the standard set? 2. Do we need to generate keying material for Phase 1 as well as Phase 2 SAs? 3. Do we need to support rekeys? 4. Do we need to support ciphersuite negotiations? 5. Is there a need to negotiate filters? 6. Is there a need for concealment of identities? In other words, how much of IKE are you willing to throw away? While a lot of IKE complexity is due to artifacts of now discarded layering, a lot of it is also due to the generality of what it tries to achieve. If you want less features, you can get a lighter weight protocol...
Home Last updated: Tue Sep 04 01:04:41 2001 6315 messages in chronological order |