|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: FW: I-D ACTION:draft-aboba-ips-iscsi-security-00.txtLast Friday, NIST held a modes of operation workshop (for the protection and privacy of sensitive but unclassified data, NIST authorizes suitable algorithms and techniques for use by federal government departments and agencies). OCB is one of three modes considered that achieve both privacy and authentication, as well as the potential to scale well for speed. All three either have patents or have been submitted for patents. IMHO w/o coding them, only two of the three, OCB and Integrity Aware Parallelizable Mode (IAPM) will scale well to support 10 Gbs and more. IAPM's patent is held by IBM, OCB by Phil Rogaway. The patent issue came up during the discussion time -- no one present knew of a provably secure mode with the properties of OCB that was unpatented. One could find an unpatented mode for privacy, say counter mode, and then add a MAC that provides authentication, but that is an extra step (plus I think you might run into the patent problem again in finding a MAC that will permit 10 Gbs speed). Mark Winstead -----Original Message----- From: Black_David@emc.com [mailto:Black_David@emc.com] Sent: Tuesday, August 21, 2001 8:17 PM To: sandeepj@research.bell-labs.com; ips@ece.cmu.edu Subject: RE: FW: I-D ACTION:draft-aboba-ips-iscsi-security-00.txt Sandeep, There is a patent on it, and a license is required to ship product. The license should be available under fair, reasonable, and non- discriminatory terms, but will not be free. A reasonable guess would be that iSCSI licensing terms would be similar to the 802.11 terms, and that a suitable IETF intellectual property rights notice will be forthcoming. OTOH, this does seem to run counter to the usual IETF preference for unpatented technology over patented technology provided that the unpatented technology is a functionally suitable replacement for the patented technology. Whether there are functionally suitable unpatented replacements for OCB is an issue for further discussion, ditto the requirements and preferences that lead to the recommendation of OCB. A draft on OCB would need to go through the ipsec WG if we were to use OCB, and my impression is that at least some portion of that community has a very strong preference for unpatented technology. I hope this is what you were looking for in the way of comments. Thanks, --David --------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 42 South St., Hopkinton, MA 01748 +1 (508) 435-1000 x75140 FAX: +1 (508) 497-8500 black_david@emc.com Mobile: +1 (978) 394-7754 --------------------------------------------------- > -----Original Message----- > From: sandeepj@research.bell-labs.com > [mailto:sandeepj@research.bell-labs.com] > Sent: Tuesday, August 21, 2001 7:49 PM > To: ips@ece.cmu.edu > Subject: Re: FW: I-D ACTION:draft-aboba-ips-iscsi-security-00.txt > > > David, > > Could you comment on the intellectual rights issues > here, particularly on AES-OCB, which will be mandatory > according to this draft (Sec 2.1) > > http://www.cs.ucdavis.edu/~rogaway/ocb/ocb-back.htm > mentions the licensing terms for 802.11 products. > > Secondly, appendix tables A.5 and A.6 seem to indicate > that AES-CTR+UMAC performance is better than AES-OCB. > Has AES-OCB been chosen since it requires lesser keying > material and memory ? > > thanks > -Sandeep > > > FYI - this is about use of IKE and IPsec algorithm selection > > considerations. --David > > > > -----Original Message----- > > From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org] > > Sent: Tuesday, August 21, 2001 7:25 AM > > Subject: I-D ACTION:draft-aboba-ips-iscsi-security-00.txt > > > > A New Internet-Draft is available from the on-line Internet-Drafts > > directories. > > > > Title : Securing iSCSI using IPsec > > Author(s) : B. Aboba et al. > > Filename : draft-aboba-ips-iscsi-security-00.txt > > Pages : 35 > > Date : 20-Aug-01 > > > > This document discusses how iSCSI may utilize IPsec to provide > > authentication, integrity, confidentiality and replay protection. > > > > A URL for this Internet-Draft is: > > http://www.ietf.org/internet-drafts/draft-aboba-ips-iscsi-security-00.txt > > Internet-Drafts are also available by anonymous FTP. Login with the username > "anonymous" and a password of your e-mail address. After logging in, > type "cd internet-drafts" and then > "get draft-aboba-ips-iscsi-security-00.txt". > > A list of Internet-Drafts directories can be found in > http://www.ietf.org/shadow.html > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > Internet-Drafts can also be obtained by e-mail. > > Send a message to: > mailserv@ietf.org. > In the body type: > "FILE /internet-drafts/draft-aboba-ips-iscsi-security-00.txt". > > NOTE: The mail server at ietf.org can return the document in > MIME-encoded form by using the "mpack" utility. To use this > feature, insert the command "ENCODING mime" before the "FILE" > command. To decode the response(s), you will need "munpack" or > a MIME-compliant mail reader. Different MIME-compliant mail readers > exhibit different behavior, especially when dealing with > "multipart" MIME messages (i.e. documents which have been split > up into multiple messages), so check your local documentation on > how to manipulate these messages. > > > Below is the data which will enable a MIME compliant mail reader > implementation to automatically retrieve the ASCII version of the > Internet-Draft. > > --------------------------------------------------------- > + Date: Tue, 21 Aug 2001 09:29:53 -0400 > + Content-Type: > multipart/mixed;boundary="----_=_NextPart_002_01C12A44.418236C0" > > ATT36560 > > <ftp://internet-drafts/> > Transfer-mode: ftp.ietf.org > --------------------------------------------------------- >
Home Last updated: Tue Sep 04 01:03:53 2001 6315 messages in chronological order |