Re: More on iSCSI boot

To: David Robinson <David.Robinson@EBay.Sun.COM>
Subject: Re: More on iSCSI boot
From: Bernard Aboba <aboba@internaut.com>
Date: Thu, 31 May 2001 07:48:40 -0700 (PDT)
cc: ips@ece.cmu.edu
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <3B15C1C0.82895D8F@ebay.sun.com>
Sender: owner-ips@ece.cmu.edu

> I would be surprised if it insisted that
> the ips WG take on the task of building a better DHCP.
> 
Agree. Boot security in general is not the problem of the IPS
WG. However, I do think that the WG should think through the
implications of iSCSI security on the potential for a secure boot
process. For example, are we assuming that it would be impossible to
implement iSCSI security during boot? 

Also, I'd note that between BIS and authenticated DHCP we already are
pushing the limits of credential storage and administrative
complexity. It's not entirely clear to me that this passes the "laugh
test" - particularly when the need to secure other components (NFS,
iSCSI, etc.) is added to the mix. If that's true then even a "better
DHCP" (e.g. authenticated DHCP) may not be the right answer.

References:
- Re: More on iSCSI boot
  - From: David Robinson <David.Robinson@EBay.Sun.COM>

Prev by Date: RE: iSCSI and secure boot
Next by Date: Re: More on iSCSI boot
Prev by thread: Re: More on iSCSI boot
Next by thread: Re: More on iSCSI boot
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:04:35 2001
6315 messages in chronological order