RE: iSCSI: IPsec tunnel / transport mode decision

To: <ips@ece.cmu.edu>
Subject: RE: iSCSI: IPsec tunnel / transport mode decision
From: "Ofer Biran" <BIRAN@il.ibm.com>
Date: Fri, 9 Nov 2001 19:53:45 +0200
Content-type: text/plain; charset=us-ascii
Importance: Normal
Sender: owner-ips@ece.cmu.edu


It seems that most people prefer tunnel over transport mode
and there is no real opposition for choosing tunnel mode as
the MUST. In view of that we intend to add it in version 09
in the following iSCSI statements:

In Section 10.3.1 Data Integrity and Authentication :

"An iSCSI compliant initiator or target MUST provide data
integrity and authentication by implementing IPSec [RFC2401]
with ESP in tunnel mode [RFC2406] with the following..."

And in Section 10.3.2 Confidentiality :

"An iSCSI compliant initiator or target MUST provide
confidentiality by implementing IPSec [RFC2401] with
ESP in tunnel mode [RFC2406] with the following..."

Any objection ?

  Regards,
    Ofer


Ofer Biran
Storage and Systems Technology
IBM Research Lab in Haifa
biran@il.ibm.com  972-4-8296253


"Saqib Jang" <saqibj@margallacomm.com> on 01/11/2001 20:03:29

Please respond to <saqibj@margallacomm.com>

To:   Ofer Biran/Haifa/IBM@IBMIL, <ips@ece.cmu.edu>
cc:
Subject:  RE: iSCSI: IPsec tunnel / transport mode decision




-----Original Message-----
From: owner-ips@ece.cmu.edu [mailto:owner-ips@ece.cmu.edu]On Behalf Of
Ofer Biran
Sent: Thursday, November 01, 2001 4:31 AM
To: ips@ece.cmu.edu
Subject: iSCSI: IPsec tunnel / transport mode decision


I'd like to drive this open issue into group consensus. It seems to
me that the tendency was more toward making tunnel mode a MUST as iFCP
and FCIP did, mainly due the option of integrating an existing IPsec
chip/box with the iSCSI implementation offering. If we reach this decision,
we may choose even not to mention transport mode (as MAY or some other
recommending text).

There is an excellent analysis made by Bernard Aboba in Section
"5.1. Transport mode versus tunnel mode" of draft-ietf-ips-security-04
( http://www.ietf.org/internet-drafts/draft-ietf-ips-security-04.txt )
that can help us with this decision (also Section "5.2. NAT traversal" is
relevant).

   Regards,
     Ofer

Ofer Biran
Storage and Systems Technology
IBM Research Lab in Haifa
biran@il.ibm.com  972-4-8296253

Follow-Ups:
- RE: iSCSI: IPsec tunnel / transport mode decision
  - From: Sukanta ganguly <sganguly@yahoo.com>
- RE: iSCSI: IPsec tunnel / transport mode decision
  - From: "Saqib Jang" <saqibj@margallacomm.com>
- RE: iSCSI: IPsec tunnel / transport mode decision
  - From: Paul Koning <ni1d@arrl.net>

Prev by Date: Re: FCencap: List ALL SOF/EOF codes
Next by Date: RE: FCencap: List ALL SOF/EOF codes
Prev by thread: RE: iSCSI: IPsec tunnel / transport mode decision
Next by thread: RE: iSCSI: IPsec tunnel / transport mode decision
Index(es):
- Date
- Thread

Home

Last updated: Fri Nov 09 18:17:37 2001
7715 messages in chronological order