Open Questions on iSCSI 07 security

I have been reading the iSCSI security in the drafts (06, 07) and David's paper on the iSCSI security issues. I have a few questions that seem (to me) to remain unanswered. If they are already answered, I'd welcome the answers; if not, I suggest we include these in the discussions on 8/28th at Irvine.

AUTHENTICATION: The 06 level states authentication is a MUST and the 07 level states that SRP is a MUST. But the SRP RFC does not provide sufficient details on formats and protocols that will be needed to allow interoperability among different implementations. A related development is the SLAP protocol from Brocade that uses PKI for authentication and possibly other uses. Any suggestions on converging the two approaches for authenticating storage devices, iSCSI or otherwise?

DATA INTEGRITY: This is a MUST in 06 level. But no algorithm has been identified. The draft does state that IPSec can be used here - and IPSec requires use of HMAC-MD5 and HMAC-SHA-1, and a few optional. It'd perhaps be better to state in the iSCSI standard the specific chosen algorithms for iSCSI Data Integrity.

CONFIDENTIALITY: I agree with David that we must specify the algorithm, whether that's OPT or a MUST. And what about key exchange (IKE, D-H etc.)? Also, IPSec, as far as I can tell, has not yet blessed AES - perhaps we should address this.

Thanks,
Vijay
Last updated: Tue Sep 04 01:03:59 2001