RE: iSCSI: IPsec tunnel / transport mode decision
SG,
You must have one of them as a MUST to ensure interoperability.
Julo
Sukanta ganguly <sganguly@yahoo.com>
Sent by: owner-ips@ece.cmu.edu
09-11-01 21:07
Please respond to Sukanta ganguly
To: Ofer Biran <BIRAN@il.ibm.com>, ips@ece.cmu.edu
cc:
Subject: RE: iSCSI: IPsec tunnel / transport mode decision
By doing this we are forcing IPSec. No flexibility of
going transport over tunnel. I think we were still
having a discussion of whether transport can also be
supported, and hence, instead of forcing with IPSec,
can't we allow both mechanisms as a MAY?
In that scenario one could opt for transport mode with
tunnel and still have a good implementation running.
What do others think?
SG
--- Ofer Biran <BIRAN@il.ibm.com> wrote:
>
> It seems that most people prefer tunnel over transport mode
> and there is no real opposition for choosing tunnel mode as
> the MUST. In view of that we intend to add it in version 09
> in the following iSCSI statements:
>
> In Section 10.3.1 Data Integrity and Authentication:
>
> "An iSCSI compliant initiator or target MUST provide data
> integrity and authentication by implementing IPSec [RFC2401]
> with ESP in tunnel mode [RFC2406] with the following..."
>
> And in Section 10.3.2 Confidentiality:
>
> "An iSCSI compliant initiator or target MUST provide
> confidentiality by implementing IPSec [RFC2401] with
> ESP in tunnel mode [RFC2406] with the following..."
>
> Any objection?
>
> Regards,
> Ofer
>
>
> Ofer Biran
> Storage and Systems Technology
> IBM Research Lab in Haifa
> biran@il.ibm.com 972-4-8296253
>
>
> "Saqib Jang" <saqibj@margallacomm.com> on 01/11/2001 20:03:29
>
> Please respond to <saqibj@margallacomm.com>
>
> To: Ofer Biran/Haifa/IBM@IBMIL, <ips@ece.cmu.edu>
> cc:
> Subject: RE: iSCSI: IPsec tunnel / transport mode decision
>
> -----Original Message-----
> From: owner-ips@ece.cmu.edu [mailto:owner-ips@ece.cmu.edu]On Behalf Of Ofer Biran
> Sent: Thursday, November 01, 2001 4:31 AM
> To: ips@ece.cmu.edu
> Subject: iSCSI: IPsec tunnel / transport mode decision
>
> I'd like to drive this open issue into group consensus. It seems to
> me that the tendency was more toward making tunnel mode a MUST as iFCP
> and FCIP did, mainly due to the option of integrating an existing IPsec
> chip/box with the iSCSI implementation offering. If we reach this decision,
> we may choose even not to mention transport mode (as MAY or some other
> recommending text).
>
> There is an excellent analysis made by Bernard Aboba in Section
> "5.1. Transport mode versus tunnel mode" of draft-ietf-ips-security-04
> (http://www.ietf.org/internet-drafts/draft-ietf-ips-security-04.txt)
> that can help us with this decision (also Section "5.2. NAT traversal" is
> relevant).
>
> Regards,
> Ofer
>
> Ofer Biran
> Storage and Systems Technology
> IBM Research Lab in Haifa
> biran@il.ibm.com 972-4-8296253
>