|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: iSCSI: IPsec tunnel / transport mode decisionNo, this issue never got rough consensus. The statement was put there just to provoke the discussion. And before the thread of the security draft official positioning is awaken - an effort will be made s.t. it will not include any normative text that doesn't match the protocols standards normative text. Ofer Ofer Biran Storage and Systems Technology IBM Research Lab in Haifa biran@il.ibm.com 972-4-8296253 "Saqib Jang" <saqibj@margallacomm.com> on 01/11/2001 19:03:29 Please respond to <saqibj@margallacomm.com> To: Ofer Biran/Haifa/IBM@IBMIL, <ips@ece.cmu.edu> cc: Subject: RE: iSCSI: IPsec tunnel / transport mode decision I thought the latest security draft already closed on this issue. From Section 2.3 of -04 draft. iSCSI security implementations MUST support ESP in transport mode. Saqib -----Original Message----- From: owner-ips@ece.cmu.edu [mailto:owner-ips@ece.cmu.edu]On Behalf Of Ofer Biran Sent: Thursday, November 01, 2001 4:31 AM To: ips@ece.cmu.edu Subject: iSCSI: IPsec tunnel / transport mode decision I'd like to drive this open issue into group consensus. It seems to me that the tendency was more toward making tunnel mode a MUST as iFCP and FCIP did, mainly due the option of integrating an existing IPsec chip/box with the iSCSI implementation offering. If we reach this decision, we may choose even not to mention transport mode (as MAY or some other recommending text). There is an excellent analysis made by Bernard Aboba in Section "5.1. Transport mode versus tunnel mode" of draft-ietf-ips-security-04 ( http://www.ietf.org/internet-drafts/draft-ietf-ips-security-04.txt ) that can help us with this decision (also Section "5.2. NAT traversal" is relevant). Regards, Ofer Ofer Biran Storage and Systems Technology IBM Research Lab in Haifa biran@il.ibm.com 972-4-8296253
Home Last updated: Thu Nov 01 16:17:35 2001 7520 messages in chronological order |