SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    iFCP: security position




    After the interim meeting, we restate our security coordinates in the following terms. Additionally, we have expanded our Irvine slides with rationale text and insights that we learnt at the interim meeting. Such amended slide set is available at ftp://standards.nortelnetworks.com/san/ifcp_security_requirements-v2.pdf Comments most welcome.

    Keying: IKE
    Pre-shared keys: MUST implement
    Signature key authentication: MAY implement
    Phase-1/Main Mode: MUST implement
    Phase-1/Aggressive Mode: MAY implement
    Phase-2/Quick Mode: MUST implement                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     Phase-2/Quick Mode + KE payload: MUST implement
    Identities are IP addresses in all Phase-1/Phase-2 Modes

    Integrity MAC:
    HMAC-SHA1: MUST implement
    AES (X)CBC MAC: SHOULD implement*

    Encryption: 
    3DES CBC: MUST implement
    AES CTR: SHOULD implement*
    DES: SHOULD NOT implement
    NULL: MUST implement

    Encapsulation Style:
    Tunnel Mode.

    (*) IFF there is a Proposed Standard RFC that we can cite by the time we hit Last Call. HMAC-SHA1 and 3DES CBC suit us fine otherwise (as justified in the slides).

    -franco
    iFCP Technical Coordinator


    Franco Travostino, Director Content Internetworking Lab
    Advanced Technology Investments
    Nortel Networks, Inc.
    600 Technology Park
    Billerica, MA 01821 USA
    Tel: 978 288 7708 Fax: 978 288 4690
    email: travos@nortelnetworks.com



Home

Last updated: Fri Sep 07 19:17:10 2001
6452 messages in chronological order