RE: iSCSI Security: Environment and Requirements

To: Black_David@emc.com
Subject: RE: iSCSI Security: Environment and Requirements
From: Black_David@emc.com
Date: Thu, 5 Jul 2001 09:05:48 -0400
Cc: ips@ece.cmu.edu
Content-Type: text/plain
Sender: owner-ips@ece.cmu.edu

CC'ing the list with an answer to an off-line question as I believe
the answer is of general interest.

> Is built-in IPsec support a requirement for iSCSI initiators and
> targets or can initiators/targets rely on external IPsec gateways.
> Also, what type of IPsec support (tunnel or transport mode,
> AH/ESP) is envisioned?

As of right now, external gateways can be used, BUT the result
would be that only the interface on the secure side of the gateway
would be considered compliant to the iSCSI spec (i.e., the interface
between the iSCSI device and the gateway would NOT be compliant).

I would offer the caution that some of the possible solutions to the
rekeying situation may result in tighter binding between iSCSI and
IPsec that would favor built-in IPsec support and/or require modifications
to external gateways.  I believe the anticipated IPsec requirement
is ESP in tunnel mode, but this is also subject to change (e.g.,
will almost certainly be discussed further in London).

Thanks,
--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
black_david@emc.com       Mobile: +1 (978) 394-7754
---------------------------------------------------

Prev by Date: Re: iSCSI: Indication of final data-out sequence
Next by Date: Re: iSCSI: Iterating long text responses
Prev by thread: iSCSI Security: Environment and Requirements
Next by thread: RE: iSCSI Security: Environment and Requirements
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:04:21 2001
6315 messages in chronological order