Re: iSCSI - three negotiation items

["Julian Satran" <Julian_Satran@il.ibm.com>]

comments in text. Julo



Black_David@emc.com on 02-08-2001 04:46:53

Please respond to Black_David@emc.com

To:   ips@ece.cmu.edu
cc:
Subject:  iSCSI - three negotiation items




Going through the list of simplification suggestions,
I found a few items that look like they
should be reasonable to deal with on the list.

(1) For any key that can take a numeric value, could
we specify the required base for the number, either
decimal or hex, not both.  The practical issue is that
the sort of large values used for keys and the like
in security are much easier to deal with in hex than
decimal.

+++ the current draft allows for both - Is there something wrong with that?
Hex is simpler but if data gets copied from somewhere else and that is a
decimal source then that is error prone +++

(2) The KRB5 and SPKM inband cryptographic integrity
digests on p.136 seem to be relics of a prior inband
approach to security.  Has anyone implemented them?
Does anyone want them to remain?  Can we just delete
them?

+++ Yes - I think we can take them out although UMAC may get-in at some
point :-) +++
(3) Can HeaderDigest and DataDigest be combined?
If (2) is done, this is about making use of CRC-32C
a single on/off switch rather than two separate switches
for header and data?

+++ combining defeats the purpose of the iSCSI CRC - to get you through
iSCSI proxies that may change the header but will not change the data +++

Comments?  Objections (with rationale)?

Thanks,
--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
black_david@emc.com       Mobile: +1 (978) 394-7754
---------------------------------------------------