|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: header and data digest issue> >For the middlebox problem, ESP cryptographic integrity is the right > >solution, > > Technically, ESP isn't necessary. AH between the iSCSI endpoints is > adequate if the only requirement is to detect and defeat middle boxes. We're in semi-violent agreement that encryption isn't required. For "ESP cryptographic integrity", one example is ESP with the NULL Encryption Algorithm, as specified in RFC 2410. AH is not required for any IP Storage protocol and the ipsec WG is in the process of removing the requirement for AH from future versions of the ipsec RFCs. --David --------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 42 South St., Hopkinton, MA 01748 +1 (508) 249-6449 *NEW* FAX: +1 (508) 497-8500 black_david@emc.com Cell: +1 (978) 394-7754 ---------------------------------------------------
Home Last updated: Thu Feb 28 19:18:10 2002 8947 messages in chronological order |