Re: Outboard Tunnel Mode

["David F Hepner" <dfhepner@us.ibm.com>]

With most corporations security at the corporate firewall is a MUST no
mater what is done at the machine I/O.   With Security functions a MUST for
iSCSI, an installation will pay for security twice and only use it once.
Why pay for security at every I/O when the corporation mandates it at the
edge?
This seems like motorcycle helmet laws.  Why mandate something that a
reasonable person would do any way?

David

------------------------------------------------------
David F. Hepner                     WA7UHT
dfhepner@us.ibm.com
IBM SSG San Jose, CA
(408) 256-4981  Fax (408) 256-6214
Tie Line 8-276-4981
-----------------------------------------------------


John Hufferd/San Jose/IBM@IBMUS@ece.cmu.edu on 12/17/2001 11:13:00 AM

Sent by:    owner-ips@ece.cmu.edu


To:    VAHUJA@aol.com
cc:    ips@ece.cmu.edu
Subject:    Re: Outboard Tunnel Mode




Installations can do what ever they want.  The Security functions are must
implement, NOT must use.

.
.
.
John L. Hufferd
Senior Technical Staff Member (STSM)
IBM/SSG San Jose Ca
Main Office (408) 256-0403, Tie: 276-0403,  eFax: (408) 904-4688
Home Office (408) 997-6136, Cell: (408) 499-9702
Internet address: hufferd@us.ibm.com


VAHUJA@aol.com@ece.cmu.edu on 12/17/2001 10:09:10 AM

Sent by:  owner-ips@ece.cmu.edu


To:   ips@ece.cmu.edu
cc:
Subject:  Outboard Tunnel Mode



Folks,

May be I missed something in SLC meeting.  I can expect several
implementations of iSCSI not include any security.Reason - I can see that
customers would often rely on the company's existing VPNs (outboard Router
etc) to protect their data (storage or otherwise) over IP networks. From a
CIO's viewpoint, this approach may make more sense than extending yet
another
layer of IPSec into its servers just for storage data.

 It is not clear to me from the standard if it will be a non-compliance of
iSCSI standard. If so, we may potentially have many non-compliances.