iSCSI security draft

I've taken my own advice and sent in a draft: draft-black-iscsi-security-00.txt is coming soon to an Internet-Draft server near you. I'll put it on a web site somewhere and send a URL if the secretariat doesn't get it processed by Monday.

Please note that the following sentence appears in the draft's Abstract:

    This draft is an individual submission that the IP Storage WG is
    free to adopt, modify, reject, fold, spindle, and/or mutilate as
    it sees fit.

and that the draft is not intended to become an RFC, although portions of it could wind up in places such as a future version of the main iSCSI draft.

The draft has a couple of purposes, (1) capturing iSCSI security requirements and related considerations in one place, and (2) providing more information on how SRP could be used to provide keying material for ESP. As a -00 version, the draft is somewhat drafty (preliminary), and in particular I haven't had the time to get any expert security review of the keying mechanism (e.g., I'll be pleasantly surprised if there isn't a security oversight somewhere in the rekeying description).

It would be wrong to assume that SRP is the most likely keying mechanism for iSCSI's use of ESP just because I wrote this draft. There are a bunch of other folks working on coming up with a subset of IKE that would be reasonable to use with iSCSI, and every so often I hear musings about how it might be better to just drop ESP and go back to inband digests (I don't agree, FWTW).

In any case, because I've written this draft, Elizabeth is now the designated referee (WG chair) for this keying area of iSCSI security. I'll be happy to explain what's in the draft and the associated rationale/reasoning, but she'll be in charge of driving, determining and calling consensus. While this will certainly be discussed in London, I don't think a choice of keying mechanism will be made until the interim meeting so that the FCIP and iFCP folks who are interested in following iSCSI's security direction can have their say.

Enjoy and Thanks,
--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA 01748
+1 (508) 435-1000 x75140 FAX: +1 (508) 497-8500
black_david@emc.com Mobile: +1 (978) 394-7754
---------------------------------------------------
Last updated: Tue Sep 04 01:04:19 2001