|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: iSCSI: IPsec tunnel / transport mode decisionDoes this mean that transport mode will be a "MAY" or a "SHOULD"? Howard -----Original Message----- From: Ofer Biran [mailto:BIRAN@il.ibm.com] Sent: Friday, November 09, 2001 10:54 AM To: ips@ece.cmu.edu Subject: RE: iSCSI: IPsec tunnel / transport mode decision It seems that most people prefer tunnel over transport mode and there is no real opposition for choosing tunnel mode as the MUST. In view of that we intend to add it in version 09 in the following iSCSI statements: In Section 10.3.1 Data Integrity and Authentication : "An iSCSI compliant initiator or target MUST provide data integrity and authentication by implementing IPSec [RFC2401] with ESP in tunnel mode [RFC2406] with the following..." And in Section 10.3.2 Confidentiality : "An iSCSI compliant initiator or target MUST provide confidentiality by implementing IPSec [RFC2401] with ESP in tunnel mode [RFC2406] with the following..." Any objection ? Regards, Ofer Ofer Biran Storage and Systems Technology IBM Research Lab in Haifa biran@il.ibm.com 972-4-8296253 "Saqib Jang" <saqibj@margallacomm.com> on 01/11/2001 20:03:29 Please respond to <saqibj@margallacomm.com> To: Ofer Biran/Haifa/IBM@IBMIL, <ips@ece.cmu.edu> cc: Subject: RE: iSCSI: IPsec tunnel / transport mode decision -----Original Message----- From: owner-ips@ece.cmu.edu [mailto:owner-ips@ece.cmu.edu]On Behalf Of Ofer Biran Sent: Thursday, November 01, 2001 4:31 AM To: ips@ece.cmu.edu Subject: iSCSI: IPsec tunnel / transport mode decision I'd like to drive this open issue into group consensus. It seems to me that the tendency was more toward making tunnel mode a MUST as iFCP and FCIP did, mainly due the option of integrating an existing IPsec chip/box with the iSCSI implementation offering. If we reach this decision, we may choose even not to mention transport mode (as MAY or some other recommending text). There is an excellent analysis made by Bernard Aboba in Section "5.1. Transport mode versus tunnel mode" of draft-ietf-ips-security-04 ( http://www.ietf.org/internet-drafts/draft-ietf-ips-security-04.txt ) that can help us with this decision (also Section "5.2. NAT traversal" is relevant). Regards, Ofer Ofer Biran Storage and Systems Technology IBM Research Lab in Haifa biran@il.ibm.com 972-4-8296253
Home Last updated: Sat Nov 10 11:17:46 2001 7740 messages in chronological order |