FCIP: Security Directions

To: "Elizabeth G Rodriguez \(Elizabeth\)" <egrodriguez@lucent.com>, "Black_David@emc. com" <Black_David@emc.com>, <ips@ece.cmu.edu>
Subject: FCIP: Security Directions
From: "Murali Rajagopal" <muralir@lightsand.com>
Date: Thu, 6 Sep 2001 10:06:19 -0700
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;charset="iso-8859-1"
Importance: Normal
Sender: owner-ips@ece.cmu.edu

In the Irvine IETF meeting I took the action to drive the FCIP authors to
arrive at some consensus on the FCIP security directions within a week. The
outcome of this action is a document that can be found at
ftp://ftp.t11.org/t11/pub/fc/bb-2/01-474v0.pdf. The proposal is to include
this text in the next revision of the draft.

A summary of the FCIP Security directions appears below:

1. Keying Recommendation: Per RFC2409
	- IKE with pre-shared keys MUST implement
	- IKE with public-key based keys MAY implement
	- IKE Main Mode MUST implement
	- IKE Aggressive Mode MAY implement

2. Integrity MAC
	- HMAC-SHA1 MUST implement
	- AES in CBC MAC mode with XCBC extensions SHOULD implement

3. Confidentiality
	When used:
	- 3DES in CBC mode MUST implement
	- AES in CTR mode SHOULD implement
	When not used:
	- NULL Encryption [RFC2410]

4. Encapsulation Modes
	- Tunnel Mode/Transport modes being discussed, with a strong bias towards
Tunnel Mode.

Murali Rajagopal

IPS WG, Technical Coordinator for FCIP Sub WG
~~~~~~~~~~~~~~~~~~~~~~~~~
Chief Scientist
LightSand Communications
muralir@lightsand.com
949-837-1733  x101
http://www.lightsand.com

Prev by Date: RE: iSCSI: login issue - partial consensus call
Next by Date: Marker negotiation
Prev by thread: Re: iSCSI: Async events - SCSI and iSCSI
Next by thread: Marker negotiation
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 11 10:17:15 2001
6506 messages in chronological order