|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Security GatewaysThis is a multi-part message in MIME format. ------=_NextPart_000_0017_01C11ACC.6B6C6140 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable David, Do your comments also apply to iFCP gateways (i.e. will cryptographic security be required in iFCP gateways in order for these to confirm to = spec)? Saqib Jang Margalla Communications, Inc. 3301 El Camino Real, Suite 220 Atherton, CA 94027 Tel (650) 298 8462 Fax:( 650) 851 1613 http://www.margallacomm.com -------------------------------------------------------------------------= -------------------- The issue is not whether it's "appropriate". The = issue is that if an implementation uses an FCIP Entity = plus an external security gateway, the only interface = that conforms to the forthcoming RFC is the = public/external interface on the security gateway. The interface = between the FCIP Entity and the security gateway is private and fails to conform to the security that will be required of all FCIP implementations. The above paragraph also applies to iSCSI = (substitute iSCSI for FCIP in all instances). Let me also note that = iSCSI's ability to use a security gateway is not final at = this juncture. The spectrum of security possibilities = includes things like SRP keying of ESP and IPsec transport = mode that would make external gateways difficult or = impossible to use. Those who care about being able to use security = gateways (or think that there's no need to support their = use) should speak up on the list, in London, and/or in = Orange County (I would expect the decision not to be made = prior to Orange County) and *EXPLAIN WHY* [technical = rationale]. Thanks, --David --------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 42 South St., Hopkinton, MA 01748 +1 (508) 435-1000 x75140 FAX: +1 (508) 497-8500 black_david@emc.com Mobile: +1 (978) 394-7754 --------------------------------------------------- =20 ------=_NextPart_000_0017_01C11ACC.6B6C6140 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META content=3D"text/html; charset=3Diso-8859-1" = http-equiv=3DContent-Type> <META content=3D"MSHTML 5.00.2614.3500" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT size=3D2>David,</FONT></DIV> <DIV><FONT size=3D2>Do your comments also apply to iFCP gateways (i.e. = will=20 cryptographic</FONT></DIV> <DIV><FONT size=3D2>security be required in iFCP gateways in order for = these to=20 confirm to spec)?</FONT></DIV> <DIV> </DIV> <DIV> </DIV> <DIV><FONT size=3D2>Saqib Jang<BR>Margalla Communications, Inc.<BR>3301 = El Camino=20 Real, Suite 220<BR>Atherton, CA 94027<BR>Tel (650) 298 8462 Fax:( = 650) 851=20 1613<BR><A=20 href=3D"http://www.margallacomm.com">http://www.margallacomm.com</A></FON= T></DIV> <DIV> </DIV> <DIV><FONT=20 size=3D2>----------------------------------------------------------------= -----------------------------</FONT></DIV> <DIV> </DIV> <DIV><FONT=20 size=3D2><BR> = =20 The issue is not whether it's "appropriate". The=20 issue<BR> &nbs= p; =20 is that if an implementation uses an FCIP Entity=20 plus<BR>  = ; =20 an external security gateway, the only interface=20 that<BR>  = ; =20 conforms to the forthcoming RFC is the=20 public/external<BR> = =20 interface on the security gateway. The interface=20 between<BR> &n= bsp; =20 the FCIP Entity and the security gateway is=20 private<BR> &n= bsp; =20 and fails to conform to the security that will=20 be<BR> &= nbsp; =20 required of all FCIP implementations.</FONT></DIV> <DIV> </DIV> <DIV><FONT=20 size=3D2> &nbs= p; =20 The above paragraph also applies to iSCSI (substitute=20 iSCSI<BR> &nbs= p; =20 for FCIP in all instances). Let me also note that=20 iSCSI's<BR> &n= bsp; =20 ability to use a security gateway is not final at=20 this<BR>  = ; =20 juncture. The spectrum of security possibilities=20 includes<BR> &= nbsp; =20 things like SRP keying of ESP and IPsec transport mode=20 that<BR>  = ; =20 would make external gateways difficult or impossible to = use.</FONT></DIV> <DIV> </DIV> <DIV><FONT=20 size=3D2> &nbs= p; =20 Those who care about being able to use security=20 gateways<BR> &= nbsp; =20 (or think that there's no need to support their=20 use)<BR>  = ; =20 should speak up on the list, in London, and/or in=20 Orange<BR> &nb= sp; =20 County (I would expect the decision not to be made=20 prior<BR> &nbs= p; =20 to Orange County) and *EXPLAIN WHY* [technical rationale].</FONT></DIV> <DIV> </DIV> <DIV><FONT=20 size=3D2> &nbs= p; =20 Thanks,<BR> &n= bsp; =20 --David</FONT></DIV> <DIV> </DIV> <DIV><FONT=20 size=3D2> &nbs= p; =20 ---------------------------------------------------<BR> = &= nbsp; =20 David L. Black, Senior=20 Technologist<BR> &nb= sp; =20 EMC Corporation, 42 South St., Hopkinton, MA =20 01748<BR> &nbs= p; =20 +1 (508) 435-1000 x75140 FAX: +1 (508)=20 497-8500<BR> &= nbsp; =20 <A=20 href=3D"mailto:black_david@emc.com">black_david@emc.com</A> &n= bsp; =20 Mobile: +1 (978)=20 394-7754<BR> &= nbsp; =20 ---------------------------------------------------<BR> = &= nbsp; =20 </FONT></DIV></BODY></HTML> ------=_NextPart_000_0017_01C11ACC.6B6C6140--
Home Last updated: Tue Sep 04 01:04:07 2001 6315 messages in chronological order |