    RE: ISCSI: Required Cryptographic transforms for iSCSI



    Yes, NULL Encryption needs to be a "MUST implement", fortunately,
    it's not a lot of code or hardware :-).  It was "MUST implement"
    as of the Nashua meeting, and there was no intention to change
    that - I'll make sure this appears on the summary of security
    directions from the Orange County meeting (which will include
    the rationale for those directions) that I intend to get to the
    list *today* (i.e., well in advance of the draft minutes).
    
    The good news in the other direction is that we don't need any
    additional language to enable Encryption without a MAC - IKE/ISAKMP
    allows this by omission of negotiation of the MAC (just to confuse
    things, a MAC is an "Authentication Algorithm" in ISAKMP-speak).
    Encryption ("Transform" in ISAKMP-speak, includes both the actual
    crypto algorithm and its operating mode) negotiation cannot
    be omitted for ESP due to design decisions in ESP and ISAKMP,
    hence the need to make "NULL encryption" a "MUST implement".
    
    Credit to Bill for catching this.  Thanks,
    --David
    
    > -----Original Message-----
    > From: Bill Strahm [mailto:bill@sanera.net]
    > Sent: Wednesday, August 29, 2001 11:34 AM
    > To: Ips@Ece. Cmu. Edu
    > Subject: ISCSI: Required Cryptographic transforms for iSCSI
    > 
    > 
    > When we were talking about required transforms yesterday in
    > Los Angeles, I believe that we forgot a VERY important transform
    > that needs to be a MUST implement for ESP.  That is the NULL
    > Encryption Algorithm (RFC2410).
    > 
    > I propose that this algorithm is a MUST implement for all iSCSI
    > implementations
    > 
    > Bill
    > Sanera Systems Inc.
    > 
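
The negotiation asymmetry described in the reply above (the ESP transform is always present, the MAC is an optional attribute), as an added example that is not part of the original thread. The Transform-Id and attribute numbers are the IPsec DOI values from RFC 2407, the payload layout is from RFC 2408, and the rejection of NULL encryption with no MAC follows RFC 2406; the function names and sample payloads are constructed for illustration.

```python
import struct

# IPsec DOI values from RFC 2407 (only the ones this example uses).
ESP_3DES, ESP_NULL = 3, 11      # ESP Transform-Id values
ATTR_AUTH_ALG = 5               # "Authentication Algorithm" attribute class
AUTH_NAMES = {1: "HMAC-MD5", 2: "HMAC-SHA"}


def parse_esp_transform(payload: bytes):
    """Parse one ISAKMP Transform payload (RFC 2408, section 3.6).

    Returns (transform_id, auth_alg); auth_alg is None when the
    Authentication Algorithm attribute was simply not negotiated.
    """
    if len(payload) < 8:
        raise ValueError("truncated transform payload")
    _next, _rsvd, length, _num, transform_id, _rsvd2 = struct.unpack(
        "!BBHBBH", payload[:8])
    if length != len(payload):
        raise ValueError("payload length field does not match data")
    auth_alg, off = None, 8
    while off < length:
        if off + 4 > length:
            raise ValueError("truncated attribute")
        af_type, val = struct.unpack("!HH", payload[off:off + 4])
        off += 4
        if af_type & 0x8000:                    # TV form: value is inline
            if af_type & 0x7FFF == ATTR_AUTH_ALG:
                auth_alg = val
        else:                                   # TLV form: val is a length
            off += val
    if off != length:
        raise ValueError("attribute runs past end of payload")
    return transform_id, auth_alg


def classify(payload: bytes) -> str:
    """Say which ESP services a proposed transform would provide."""
    transform_id, auth_alg = parse_esp_transform(payload)
    mac = AUTH_NAMES.get(auth_alg, f"auth-{auth_alg}") if auth_alg else None
    if transform_id == ESP_NULL:
        # RFC 2406: encryption and authentication must not both be NULL.
        return f"integrity only ({mac})" if mac else "reject: no protection"
    return f"encrypted + {mac}" if mac else "encrypted, no MAC"


def transform(transform_id: int, attrs: bytes = b"") -> bytes:
    """Build a constructed sample Transform payload (transform number 1)."""
    return struct.pack("!BBHBBH", 0, 0, 8 + len(attrs), 1, transform_id, 0) + attrs


AUTH_SHA = struct.pack("!HH", 0x8000 | ATTR_AUTH_ALG, 2)   # constructed sample
```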
    


Last updated: Tue Sep 04 01:03:50 2001