|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] iSCSI security draft URLTemporary URL until this hits the I-D servers: http://www.ultranet.com/~dlb237/draft-black-ips-iscsi-security-00.txt > -----Original Message----- > From: Black_David@emc.com [SMTP:Black_David@emc.com] > Sent: Thursday, July 12, 2001 9:37 PM > To: ips@ece.cmu.edu > Subject: iSCSI security draft > > I've taken my own advice and sent in a draft: > draft-black-iscsi-security-00.txt is coming soon to > an Internet-Draft server near you. I'll put it on > a web site somewhere and send a URL if the > secretariat doesn't get it processed by Monday. > > Please note that the following sentence appears > in the draft's Abstract: > > This draft is > an individual submission that the IP Storage WG is free to adopt, > modify, reject, fold, spindle, and/or mutilate as it sees fit. > > and that the draft is not intended to become an RFC, > although portions of it could wind up in places such > as a future version of the main iSCSI draft. > > The draft has a couple of purposes, (1) capturing > iSCSI security requirements and related considerations > in one place, and (2) providing more information on > how SRP could be used to provide keying material for > ESP. As a -00 version, the draft is somewhat drafty > (preliminary), and in particular I haven't had the > time to get any expert security review of the keying > mechanism (e.g., I'll be pleasantly surprised if > there isn't a security oversight somewhere in the > rekeying description). > > It would be wrong to assume that SRP is the most likely > keying mechanism for iSCSI's use of ESP just because I > wrote this draft. There are a bunch of other folks > working on coming up with a subset of IKE that would > be reasonable to use with iSCSI, and every so often I > hear musings about how it might be better to just drop > ESP and go back to inband digests (I don't agree, FWTW). > > In any case, because I've written this draft, Elizabeth > is now the designated referee (WG chair) for this keying > area of iSCSI security. I'll be happy to explain what's > in the draft and the associated rationale/reasoning, but > she'll be in charge of driving, determining and calling > consensus. While this will certainly be discussed in > London, I don't think a choice of keying mechanism will > be made until the interim meeting so that the FCIP and > iFCP folks who are interested in following iSCSI's > security direction can have their say. > > Enjoy and Thanks, > --David > > --------------------------------------------------- > David L. Black, Senior Technologist > EMC Corporation, 42 South St., Hopkinton, MA 01748 > +1 (508) 435-1000 x75140 FAX: +1 (508) 497-8500 > black_david@emc.com Mobile: +1 (978) 394-7754 > ---------------------------------------------------
Home Last updated: Tue Sep 04 01:04:18 2001 6315 messages in chronological order |