RE: iSCSI and secure boot

To: "David Robinson" <David.Robinson@sun.com>
Subject: RE: iSCSI and secure boot
From: "Douglas Otis" <dotis@sanlight.net>
Date: Mon, 4 Jun 2001 11:12:18 -0700
Cc: "David Robinson" <David.Robinson@EBay.Sun.COM>, "Bernard Aboba" <aboba@internaut.com>, <julian_satran@il.ibm.com>, <ips@ece.cmu.edu>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;charset="us-ascii"
Importance: Normal
In-Reply-To: <3B1BA986.11FA0C7@ebay.sun.com>
Sender: owner-ips@ece.cmu.edu

David,

> Again this whole discussion is about how to reliably securely boot
> iSCSI. This topic necessarily focuses on how to insure that the client
> can be securely identified, thus using some sort of key that is
> manageable.
>
> Finally I can't understand how the current proposal mucks with DHCP, it
> uses the standard mechanisms. As described it specifies a new option code
> which is a trivial thing to implement and it has also been proposed to
> use existing option codes.  There is no invention here, and in fact it is
> simpiler than specifying an LDAP schema.

You are suggesting that two versions of iSCSI be created.  One that can
exist within the lean environment within pre-boot and another within the OS
of your choice.  I am not convinced that the prior version of iSCSI would be
a wise investment for many reasons.

If you have some difficulty with the manner in which the Wire-For-Management
proposals work, perhaps you could address those points specifically.  At
least it would come from a perspective that illustrates your concern as to
why the Boot-Integrity-Service, Pre-Execution-Environment, and
Wired-for-management solutions are not meeting the needs of enabling a
secure boot.  I for one would like to understand your concern.

The invention comes from redefining the purpose of DHCP options as a means
of extracting the needed management functions which are then used in
conjunction with embedded queries within the iSCSI transport.  As if iSCSI
was not complex enough, placing this management function into the transport
is where I am suggesting there is again over-reaching.  This is not a
required approach nor one that takes advantage of available services.  In
addition to that, a boot image would be far more stable using LDAP than to
depend on the ability to modify DHCP to provide tailored responses for then
interaction within iSCSI.  You seem to suggest that reinventing these
services is easier than understanding what already exists.  This type of
tailoring should be done using LDAP and not with DHCP or iSCSI or yet
another new server service.

Doug

References:
- Re: iSCSI and secure boot
  - From: David Robinson <David.Robinson@sun.com>

Prev by Date: Re: iSCSI and secure boot
Next by Date: iSCSI Discovery and SendTargets
Prev by thread: Re: iSCSI and secure boot
Next by thread: RE: iSCSI: multiple intiaitor conflicting with target
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:04:34 2001
6315 messages in chronological order