RE: iSCSI and secure boot

To: Douglas Otis <dotis@sanlight.net>
Subject: RE: iSCSI and secure boot
From: Bernard Aboba <aboba@internaut.com>
Date: Wed, 30 May 2001 12:29:39 -0700 (PDT)
cc: julian_satran@il.ibm.com, ips@ece.cmu.edu
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <NEBBJGDMMLHHCIKHGBEJOECJCIAA.dotis@sanlight.net>
Sender: owner-ips@ece.cmu.edu

> If the results are confirmed, then the process is confirmed.  There should
> be no need to validate every step in the process, just the last step as done
> with PXE 2.  As far as TFTP, it lives up to its name.  A simple TFTP stack
> can be done in a few dozen lines of code.  It is really a minimum amount of
> effort.

Problem with PXE 2 is that it requires touching every PC (to install
the boot image cert) and so isn't widely implemented. Also, if
implemented doesn't support basic capabilities such as revocation. So most
PCs implementing PXE are doing PXE 1 or PXE 2 with no boot image cert
installed. Therefore for all practical purposes PXE = no security.

Follow-Ups:
- RE: iSCSI and secure boot
  - From: "Douglas Otis" <dotis@sanlight.net>

References:
- RE: iSCSI and secure boot
  - From: "Douglas Otis" <dotis@sanlight.net>

Prev by Date: RE: iSCSI and secure boot
Next by Date: iSNS revision -03 available
Prev by thread: RE: iSCSI and secure boot
Next by thread: RE: iSCSI and secure boot
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:04:35 2001
6315 messages in chronological order