|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] FCIP: Security DirectionsIn the Irvine IETF meeting I took the action to drive the FCIP authors to arrive at some consensus on the FCIP security directions within a week. The outcome of this action is a document that can be found at ftp://ftp.t11.org/t11/pub/fc/bb-2/01-474v0.pdf. The proposal is to include this text in the next revision of the draft. A summary of the FCIP Security directions appears below: 1. Keying Recommendation: Per RFC2409 - IKE with pre-shared keys MUST implement - IKE with public-key based keys MAY implement - IKE Main Mode MUST implement - IKE Aggressive Mode MAY implement 2. Integrity MAC - HMAC-SHA1 MUST implement - AES in CBC MAC mode with XCBC extensions SHOULD implement 3. Confidentiality When used: - 3DES in CBC mode MUST implement - AES in CTR mode SHOULD implement When not used: - NULL Encryption [RFC2410] 4. Encapsulation Modes - Tunnel Mode/Transport modes being discussed, with a strong bias towards Tunnel Mode. Murali Rajagopal IPS WG, Technical Coordinator for FCIP Sub WG ~~~~~~~~~~~~~~~~~~~~~~~~~ Chief Scientist LightSand Communications muralir@lightsand.com 949-837-1733 x101 http://www.lightsand.com
Home Last updated: Tue Sep 11 10:17:15 2001 6506 messages in chronological order |