RE: header and data digest issue

To: jonathan@dsg.stanford.edu
Subject: RE: header and data digest issue
From: Black_David@emc.com
Date: Wed, 27 Feb 2002 20:13:28 -0500
Cc: ips@ece.cmu.edu
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu

> >For the middlebox problem, ESP cryptographic integrity is the right
> >solution,
> 
> Technically, ESP isn't necessary.  AH between the iSCSI endpoints is
> adequate if the only requirement is to detect and defeat middle boxes.

We're in semi-violent agreement that encryption isn't required.  For
"ESP cryptographic integrity", one example is ESP with the NULL
Encryption Algorithm, as specified in RFC 2410.  AH is not required
for any IP Storage protocol and the ipsec WG is in the process of
removing the requirement for AH from future versions of the ipsec RFCs.

--David
---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 249-6449 *NEW*      FAX: +1 (508) 497-8500
black_david@emc.com         Cell: +1 (978) 394-7754
---------------------------------------------------

Follow-Ups:
- Re: header and data digest issue
  - From: Jonathan Stone <jonathan@dsg.stanford.edu>

Prev by Date: Re: header and data digest issue
Next by Date: RE: sector alignment for DataOut PDUs?
Prev by thread: Re: header and data digest issue
Next by thread: Re: header and data digest issue
Index(es):
- Date
- Thread

Home

Last updated: Thu Feb 28 19:18:10 2002
8947 messages in chronological order