iSCSI IPsec-Related Algorithm Proposal

David:

Progress on completing the iSCSI draft RFCs is extending past the development deadlines necessary to allow 2002 product teams to complete their designs. One open issue relates to selecting the specific IPsec ESP integrity (mandatory to implement) and confidentiality (optional to implement) algorithms for use with iSCSI. Members of the working group have been focused until now on algorithms that would scale to 10 Gbit/sec. Even though progress has been made at identifying promising candidate algorithms (AES-based PMAC Mode for integrity and AES-based Counter Mode for confidentiality - see http://csrc.nist.gov/encryption/modes/), this work will not be completed in time for inclusion in 2002 products.

As a result, I would like to propose to the iSCSI Working Group a two-phase strategy for selecting the specific IPsec ESP integrity and confidentiality algorithms for use with iSCSI. Since almost all 2002 products will be using 1 Gbit/sec interfaces, phase one products would standardize on already approved IPsec ESP algorithms that can be scaled to 1 Gbit/sec and phase two products (i.e., 2003) would standardize on algorithms that can be scaled to 10 Gbit/sec.

Specifically, phase one products would use AES CBC MAC mode as the integrity algorithm and AES CBC mode as the confidentiality algorithm. This proposal means vendors only have to implement a single base algorithm with slight mode variations in order to have a complete 1 Gbit solution (integrity and confidentiality). Adopting AES in phase one also establishes a foundation upon which to build phase two solutions (different modes of operation on the same base algorithm).

While this proposal only addresses a small part of the total "iSCSI security" problem, it would allow silicon vendors to finalize a critical part of their 2002 designs.

Thanks

Howard C. Herbert
Product Architect
Intel Corporation
LAN Access Division
Phone: 480-554-3116

Last updated: Tue Sep 04 01:04:22 2001