|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI over TLSThank you for the clarification. It makes sense moving toward 10GbE to use IPSEC. It would also really be beneficial to allow iSCSI to utilize TLS, essentially have iSCSI support either IPSEC or TLS rather than just IPSEC. This would only help to proliferate secure iSCSI as well as allow more products to incorporate strong security in a flexible manner ( there are a number of export issues with having strong security embedded in silicon around a TOE) It would not require much work in terms of the RFC effort, all we would need is another IANA port ( iSCSI and iSCSI/TLS) and a default cipher suite. It would be better have the standard support TLS rather than have proprietary port numbers and cipher suites resulting in lack of interoperation. Thanks, Peter Mellquist Seven Systems Technologies 575 Menlo Drive Suite 2 Rocklin CA 916-577-1275 peterm@seven-systems.com ----- Original Message ----- From: "Julian Satran" <Julian_Satran@il.ibm.com> To: <ips@ece.cmu.edu> Sent: Tuesday, November 06, 2001 10:16 PM Subject: Re: iSCSI over TLS > Peter, > > A group of us seriously considered TLS. The main reason for dropping it > was that it would interfere with any mechanism we could think of doing > framing and steering and we thought that framing and steering are > essential at 10Gbps and over. > > Julo > > > > > "Peter Mellquist" <peterm@seven-systems.com> > Sent by: owner-ips@ece.cmu.edu > 07-11-01 02:15 > Please respond to "Peter Mellquist" > > > To: <ips@ece.cmu.edu> > cc: > Subject: iSCSI over TLS > > > > I am aware that the ips group is leaning toward IPSEC as for the security > solution but I am interested if anyone is also considering using Transport > Layer Security (TLS)? > > I am concerned that the requirement for IPSEC might make TOEs more > complex > than they need to be. Can TLS be optionally used as well as defined by the > specification? This could allow TOE vendors to only be concerned with > providing normal IPv4 / ipv6 and leave the security to a higher layer. A > TLS > stack sitting above the TOE could then handle security very well. Also, I > anticipate that the first generation of TOEs will not support IPSEC. With > a > iSCSI/TLS we could enable security solutions with the first generation of > TOEs and get speed and security. > > Are any TOE vendors planning to support IPSEC? > > Can TLS or IPSEC be supported? > > -peter > > > > Peter Mellquist > Seven Systems Technologies > 575 Menlo Drive Suite 2 > Rocklin CA > 916-577-1275 > peterm@seven-systems.com > > > > >
Home Last updated: Thu Nov 08 16:17:37 2001 7659 messages in chronological order |