|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: IPsec Usage QuestionExcerpt of message (sent 5 February 2002) by Ofer Biran: > > Paul, > > >This example MUST work. So you cannot require inner == outer > >address, because that translates into saying that IP Storage cannot be > >protected by a site to site IPsec tunnel. > > This is not Kansas any more... The iSCSI devices on both sites (assuming > that's their only IPsec protection) are not iSCSI compliant. This > definitely > doesn't cover the IPsec protection mandated by iSCSI. No, you're mistaken. I said nothing about what the iSCSI devices IMPLEMENT. I only talked about what was IN USE by the customer. In the example, the customer chose to USE a different security mechanism for reasons of cost, convenience, site policy, or whatever. Remember that the proposed requirement is "required to implement" and NOT "required to use". My interpretation of having "use" be optional is that you also have the option of securing your traffic via other means. Am I right? Or is it the intent of the WG to say that no other security mechanisms are allowed -- if you want security you MUST use the one that is mandated in iSCSI nodes? If so, for what reason? paul
Home Last updated: Tue Feb 05 13:17:56 2002 8643 messages in chronological order |