SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: IPsec Usage Question



    Excerpt of message (sent 5 February 2002) by Ofer Biran:
    > 
    > Paul,
    > 
    > >This example MUST work.  So you cannot require inner == outer
    > >address, because that translates into saying that IP Storage cannot be
    > >protected by a site to site IPsec tunnel.
    > 
    > This is not Kansas any more... The iSCSI devices on both sites (assuming
    > that's their only IPsec protection) are not iSCSI compliant. This
    > definitely
    > doesn't cover the IPsec protection mandated by iSCSI.
    
    No, you're mistaken.
    
    I said nothing about what the iSCSI devices IMPLEMENT.  I only talked
    about what was IN USE by the customer.  In the example, the customer
    chose to USE a different security mechanism for reasons of cost,
    convenience, site policy, or whatever.
    
    Remember that the proposed requirement is "required to implement" and
    NOT "required to use".
    
    My interpretation of having "use" be optional is that you also have
    the option of securing your traffic via other means.  
    
    Am I right?  Or is it the intent of the WG to say that no other
    security mechanisms are allowed -- if you want security you MUST use
    the one that is mandated in iSCSI nodes?  If so, for what reason?
    
        paul
    
    


Home

Last updated: Tue Feb 05 13:17:56 2002
8643 messages in chronological order