
    iSCSI security draft



    I've taken my own advice and sent in a draft:
    draft-black-iscsi-security-00.txt is coming soon to
    an Internet-Draft server near you.  I'll put it on
    a web site somewhere and send a URL if the
    secretariat doesn't get it processed by Monday.
    
    Please note that the following sentence appears
    in the draft's Abstract:
    
       This draft is
       an individual submission that the IP Storage WG is free to adopt,
       modify, reject, fold, spindle, and/or mutilate as it sees fit.
    
    and that the draft is not intended to become an RFC,
    although portions of it could wind up in places such
    as a future version of the main iSCSI draft.
    
    The draft has a couple of purposes, (1) capturing
    iSCSI security requirements and related considerations
    in one place, and (2) providing more information on
    how SRP could be used to provide keying material for
    ESP.  As a -00 version, the draft is somewhat drafty
    (preliminary), and in particular I haven't had the
    time to get any expert security review of the keying
    mechanism (e.g., I'll be pleasantly surprised if
    there isn't a security oversight somewhere in the
    rekeying description).
    
    It would be wrong to assume that SRP is the most likely
    keying mechanism for iSCSI's use of ESP just because I
    wrote this draft.  There are a bunch of other folks
    working on coming up with a subset of IKE that would
    be reasonable to use with iSCSI, and every so often I
    hear musings about how it might be better to just drop
    ESP and go back to inband digests (I don't agree, FWTW).  
    
    In any case, because I've written this draft, Elizabeth
    is now the designated referee (WG chair) for this keying
    area of iSCSI security.  I'll be happy to explain what's
    in the draft and the associated rationale/reasoning, but
    she'll be in charge of driving, determining and calling
    consensus.  While this will certainly be discussed in
    London, I don't think a choice of keying mechanism will
    be made until the interim meeting so that the FCIP and
    iFCP folks who are interested in following iSCSI's
    security direction can have their say.
    
    Enjoy and Thanks,
    --David
    
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
    black_david@emc.com       Mobile: +1 (978) 394-7754
    ---------------------------------------------------
    
    



Last updated: Tue Sep 04 01:04:19 2001