
    Open Questions on iSCSI 07 security



    I have been reading the iSCSI security in the drafts (06, 07) and David's paper on the iSCSI security issues. I have a few questions that seem (to me) to remain unanswered. If they are already answered, I'd welcome the answers; if not - I suggest we include these in the discussions on 8/28th at Irvine.
    
    AUTHENTICATION: The 06 level states authentication is a MUST and the 07 level states that SRP is a MUST. But the SRP RFC does not provide sufficient details on formats and protocols that will be needed to allow interoperability among different implementations.
    
    A related development is the SLAP protocol from Brocade that uses PKI for authentication and possibly other uses. Any suggestions on converging the two approaches for authenticating storage devices: iSCSI or otherwise?
    
    DATA INTEGRITY: This is a MUST in 06 level. But no algorithm has been identified. The draft does state that IPSec can be used here - and IPSec requires use of HMAC-MD5 and HMAC-SHA-1, and a few optional. It'd perhaps be better to state in the iSCSI standard the specific chosen algorithms for iSCSI Data Integrity.
    
    CONFIDENTIALITY: I agree with David that we must specify the algorithm, whether that's OPT or a MUST.
    And what about key exchange (IKE, D-H etc.)? Also, IPSec, as far as I can tell, has not yet blessed AES - perhaps we should address this.
    
    Thanks, Vijay
    



Last updated: Tue Sep 04 01:03:59 2001