Re: More on iSCSI boot

To: julian_satran@il.ibm.com
Subject: Re: More on iSCSI boot
From: Bernard Aboba <aboba@internaut.com>
Date: Thu, 31 May 2001 07:38:32 -0700 (PDT)
cc: ips@ece.cmu.edu
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <C1256A5D.0010A632.00@d12mta02.de.ibm.com>
Sender: owner-ips@ece.cmu.edu

> -even if we would like to standardize a "primary" or "minimal" boot we have
> no good understanding (experience)
> of how this will interact with the iSCSI security mechanisms.
> 
Agree with this. But I think the lesson is (as David mentioned) that you
need a (perhaps non-mandatory) security method that can be executed in the
boot rom. 

Personally, I'm not that convinced that boot image signing as presently
conceived is all that useful anyway, since it isn't widely deployed and
there's no way to revoke the signature of a bad boot image (e.g. no
certificate chain support).

References:
- Re: More on iSCSI boot
  - From: julian_satran@il.ibm.com

Prev by Date: RE: Nashua Interim Minutes
Next by Date: RE: iSCSI and secure boot
Prev by thread: Re: More on iSCSI boot
Next by thread: Re: More on iSCSI boot
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:04:35 2001
6315 messages in chronological order