RE: ISCSI: Required Crytographic transforms for iSCSI

Yes, NULL Encryption needs to be a "MUST implement", fortunately, it's not a lot of code or hardware :-). It was "MUST implement" as of the Nashua meeting, and there was no intention to change that - I'll make sure this appears on the summary of security directions from the Orange County meeting (which will include the rationale for those directions) that I intend to get to the list *today* (i.e., well in advance of the draft minutes).

The good news in the other direction is that we don't need any additional language to enable Encryption without a MAC - IKE/ISAKMP allows this by omission of negotiation of the MAC (just to confuse things, a MAC is an "Authentication Algorithm" in ISAKMP-speak). Encryption ("Transform" in ISAKMP-speak, includes both the actual crypto algorithm and its operating mode) negotiation cannot be omitted for ESP due to design decisions in ESP and ISAKMP, hence the need to make "NULL encryption" a "MUST implement".

Credit to Bill for catching this.

Thanks,
--David

> -----Original Message-----
> From: Bill Strahm [mailto:bill@sanera.net]
> Sent: Wednesday, August 29, 2001 11:34 AM
> To: Ips@Ece. Cmu. Edu
> Subject: ISCSI: Required Crytographic transforms for iSCSI
>
> When we were talking about required transforms yesterday in Los Angeles, I
> believe that we forgot a VERY important transform that needs to be a MUST
> implement for ESP. That is the NULL Encryption Algorithm (RFC2410).
>
> I propose that this algorithm is a MUST implement for all iSCSI
> implementations
>
> Bill
> Sanera Systems Inc.
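The negotiation rule discussed in this thread, as an added example that is not part of the original messages: it encodes an ISAKMP Proposal payload for ESP and shows that the MAC is an optional attribute while the Transform-Id field is always present, so integrity-only ESP has to name ESP_NULL. Assumptions: the numeric constants are taken from RFC 2407/2408, the SPI is a constructed sample value, and the rejection of ESP_NULL with no MAC follows RFC 2406 rather than anything stated in the thread.

```python
import struct

PROTO_IPSEC_ESP = 3            # IPsec DOI protocol ID (RFC 2407)
ESP_3DES, ESP_NULL = 3, 11     # ESP transform IDs (RFC 2407); ESP_NULL is RFC 2410
AUTH_ALG = 5                   # "Authentication Algorithm" attribute class
HMAC_MD5, HMAC_SHA = 1, 2      # values of that attribute

def transform(num, transform_id, auth=None, last=True):
    """One ISAKMP Transform payload (RFC 2408 section 3.6)."""
    attrs = b""
    if auth is not None:
        # Basic (TV) attribute: AF bit set, 15-bit type, 16-bit value.
        attrs = struct.pack("!HH", 0x8000 | AUTH_ALG, auth)
    next_payload = 0 if last else 3          # 3 = another Transform follows
    return struct.pack("!BBHBBH", next_payload, 0, 8 + len(attrs),
                       num, transform_id, 0) + attrs

def esp_proposal(offers, spi=b"\x00\x00\x10\x01"):   # constructed sample SPI
    """Proposal payload (RFC 2408 section 3.5); offers = [(transform_id, auth or None)]."""
    if not offers:
        raise ValueError("ESP proposal needs a Transform: the cipher cannot be omitted")
    body = b""
    for i, (tid, auth) in enumerate(offers, 1):
        if tid == ESP_NULL and auth is None:
            raise ValueError("NULL encryption with no MAC is not allowed (RFC 2406)")
        body += transform(i, tid, auth, last=(i == len(offers)))
    hdr = struct.pack("!BBHBBBB", 0, 0, 8 + len(spi) + len(body),
                      1, PROTO_IPSEC_ESP, len(spi), len(offers))
    return hdr + spi + body

def parse_offers(payload):
    """Decode what esp_proposal() built back into [(transform_id, auth or None)]."""
    _, _, length, _, proto, spi_size, count = struct.unpack_from("!BBHBBBB", payload)
    if proto != PROTO_IPSEC_ESP or length != len(payload):
        raise ValueError("not a well-formed ESP proposal")
    off, offers = 8 + spi_size, []
    for _ in range(count):
        _, _, tlen, _, tid, _ = struct.unpack_from("!BBHBBH", payload, off)
        auth = None
        for a in range(off + 8, off + tlen, 4):   # only TV attributes are emitted here
            atype, value = struct.unpack_from("!HH", payload, a)
            if atype == 0x8000 | AUTH_ALG:
                auth = value
        offers.append((tid, auth))
        off += tlen
    return offers

# Constructed offers: integrity-only ESP, then encryption with the MAC omitted.
INTEGRITY_ONLY = esp_proposal([(ESP_NULL, HMAC_SHA)])
ENCRYPT_ONLY = esp_proposal([(ESP_3DES, None)])
```
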
Last updated: Tue Sep 04 01:03:50 2001