iSCSI Security mechanisms

At the risk of exciting this nest of hornets, here's a summary of the
current WG rough consensus on iSCSI security requirements for
implementations. I'm doing this both because I've received some
off-line indications of confusion and because the Nashua minutes
aren't as clear about this as they could be:

- In-band iSCSI authentication
	SRP - REQUIRED
	all other mechanisms - OPTIONAL
- Cryptographic communication integrity
	(these are all IPSec components):
	ESP with null encryption - REQUIRED
	ESP with non-null encryption - OPTIONAL
	AH - OPTIONAL
	IKE - OPTIONAL

I would note that anyone considering encryption ought to be
working on/with AES, not just 3DES.

This leaves open the issue of where the key(s) for ESP come
from. IKE is OPTIONAL, and use of SRP to supply keys for
ESP is NOT REQUIRED (not even specified - I need to find the
time to work on writing this up). This leaves pre-shared
keys as the minimum mechanism, and hence I believe that a
suitably secured administrative interface to supply pre-shared
keys to ESP will have to be REQUIRED for interoperability even
if a dynamic keying mechanism like IKE is implemented.

Thanks,
--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA 01748
+1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
black_david@emc.com       Mobile: +1 (978) 394-7754
---------------------------------------------------
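
Added example, not part of the original message: a minimal Python sketch of what "ESP with null encryption" keyed from a pre-shared key provides, namely an integrity check over a payload that stays in cleartext. The function names, the choice of HMAC-SHA1-96 as the integrity algorithm, and the sample SPI, key and payload are assumptions made for illustration; the message names no algorithm.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA1 truncated to 96 bits (assumed algorithm, not from the post)

def _icv(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]

def esp_null_seal(spi: int, seq: int, payload: bytes, key: bytes,
                  next_header: int = 6) -> bytes:
    """Build an ESP packet with NULL encryption: the payload is not encrypted."""
    # Pad so that Pad Length and Next Header end on a 4-byte boundary.
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))  # default ESP padding: 1, 2, 3, ...
    body = (struct.pack("!II", spi, seq) + payload + padding
            + bytes([pad_len, next_header]))
    # The ICV covers SPI, sequence number, payload and trailer.
    return body + _icv(key, body)

def esp_null_open(packet: bytes, key: bytes, expected_spi: int):
    """Verify the ICV first, then parse. Returns (seq, next_header, payload)."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("packet too short")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv, _icv(key, body)):
        raise ValueError("ICV mismatch: modified packet or wrong key")
    spi, seq = struct.unpack("!II", body[:8])
    if spi != expected_spi:
        raise ValueError("unknown SPI")
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 10:
        raise ValueError("bad pad length")
    return seq, next_header, body[8:len(body) - 2 - pad_len]

if __name__ == "__main__":
    psk = bytes.fromhex("00112233445566778899aabbccddeeff00112233")  # constructed key
    pkt = esp_null_seal(0x1000, 1, b"constructed iSCSI PDU bytes", psk)
    print(esp_null_open(pkt, psk, 0x1000))
    print(b"iSCSI" in pkt)  # True: null encryption gives no confidentiality
```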
Last updated: Tue Sep 04 01:04:35 2001