RE: iSCSI Security mechanisms

[Bernard Aboba <aboba@internaut.com>]

> the negotiation is not
> authenticated/protected in the fashion that
> IKE's is).

This is easy to fix. Just include the chosen
groups/ciphersuites, etc. in the authentication hash. Also remember to
generate sufficient keying material (auth & encryption keys,
different in each direction). One other thing to think about is whether
you will have multiple associations between two endpoints; if so, then you
probably want something akin to IKE phase 1/phase 2; if not, you can live
with only a phase 1 equivalent. In either case, re-key support is probably
needed to avoid staleness in keying material. 

> iSCSI does have to specify the ESP authentication/integrity
> transform - as things currently stand, a SHA-1 HMAC
> (RFC 2404 specifies HMAC-SHA-1-96) would be a likely
> choice, but an alternate could be an AES-related MAC if
> it's specification will be available in a suitable timeframe.

Before making a choice, you probably want to examine the performance
data. There has been some concern about auth/integrity performance at 10
Gbps, and so some newer integrity mechanisms (e.g. UMAC, as little as 
2 cycles/octet) may be appropriate. In general, it's pretty simple to add
ciphersuite negotiation to SRP, so you won't be stuck with fixed
transforms.