iSCSI security draft

To: ips@ece.cmu.edu
Subject: iSCSI security draft
From: Black_David@emc.com
Date: Thu, 12 Jul 2001 21:37:13 -0400
Content-Type: text/plain
Sender: owner-ips@ece.cmu.edu

I've taken my own advice and sent in a draft:
draft-black-iscsi-security-00.txt is coming soon to
an Internet-Draft server near you.  I'll put it on
a web site somewhere and send a URL if the
secretariat doesn't get it processed by Monday.

Please note that the following sentence appears
in the draft's Abstract:

   This draft is
   an individual submission that the IP Storage WG is free to adopt,
   modify, reject, fold, spindle, and/or mutilate as it sees fit.

and that the draft is not intended to become an RFC,
although portions of it could wind up in places such
as a future version of the main iSCSI draft.

The draft has a couple of purposes, (1) capturing
iSCSI security requirements and related considerations
in one place, and (2) providing more information on
how SRP could be used to provide keying material for
ESP.  As a -00 version, the draft is somewhat drafty
(preliminary), and in particular I haven't had the
time to get any expert security review of the keying
mechanism (e.g., I'll be pleasantly surprised if
there isn't a security oversight somewhere in the
rekeying description).

It would be wrong to assume that SRP is the most likely
keying mechanism for iSCSI's use of ESP just because I
wrote this draft.  There are a bunch of other folks
working on coming up with a subset of IKE that would
be reasonable to use with iSCSI, and every so often I
hear musings about how it might be better to just drop
ESP and go back to inband digests (I don't agree, FWTW).  

In any case, because I've written this draft, Elizabeth
is now the designated referee (WG chair) for this keying
area of iSCSI security.  I'll be happy to explain what's
in the draft and the associated rationale/reasoning, but
she'll be in charge of driving, determining and calling
consensus.  While this will certainly be discussed in
London, I don't think a choice of keying mechanism will
be made until the interim meeting so that the FCIP and
iFCP folks who are interested in following iSCSI's
security direction can have their say.

Enjoy and Thanks,
--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
black_david@emc.com       Mobile: +1 (978) 394-7754
---------------------------------------------------

Prev by Date: Re: Record-oriented transport
Next by Date: iSCSI Check Condition
Prev by thread: iSCSI Security draft
Next by thread: IPS Draft Charter update
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:04:19 2001
6315 messages in chronological order