IPSEC target and transport mode

Pierre,

> Based on what has been decided in Minneapolis could you confirm
> that the following 4 points still hold true for iSCSI.

Actually, no, and thanks for asking, as you reminded me that I promised to take this topic to the list. I've changed the Subject on this message slightly because this discussion applies to all of the IP Storage protocols, not just iSCSI.

The sense of the room in Minneapolis (and it was a bit rough, with visible dissent) was to drop the requirement for IPsec transport mode. Tunnel mode would become "MUST implement", transport mode would become "MAY implement", and this would override the "host must support both tunnel mode and transport mode" requirement of RFC 2401. Any procedural questions or objections about whether/how/why the IPS WG is allowed/entitled to override IPsec RFC requirements should be sent directly to me off the list - we are allowed to do this solely for the use of IPsec technology with the IPS protocols and have been doing so for the past year.

Much of the responsibility for this flip-flop is mine (if you thought this WG co-chair was infallible, you were bound to be disappointed sooner or later ;-) ) - the transport mode requirement that is to be dropped was inserted at the Huntington Beach meeting last month, and I admit to leaning on the WG to put this in on the basis that I believed it would be necessary to get approval of the Security Area in the IESG. Since that time, a new Security Area Director has been appointed, Steve Bellovin. Steve and I had lunch on Monday of IETF week, and his advice on this issue was to drop the transport requirement as a "MUST implement" for tunnel mode is sufficient for interoperability.

While I believe the current situation does represent rough consensus of the WG, there was a visible minority in the meeting who dissented from this decision, and essentially no time to discuss it. Hence, this is an opportunity for those who would like to see the transport mode requirement from Huntington Beach retained to explain why on the list and see if they can convince the WG. The only available options are (1) to drop all requirements for transport mode (i.e., "MAY implement") and (2) to retain the transport mode requirement in the form that it was added in Huntington Beach (i.e., transport mode is required when RFC 2401 says it is). I am certain that WG rough consensus cannot be obtained for requiring transport mode in all cases (i.e., without the "when RFC 2401 says it is" qualifier from Huntington Beach).

While I encourage everyone to participate, I also intend to drive this issue to closure in the next week or so.

Thanks,
--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA 01748
+1 (508) 249-6449 *NEW*
FAX: +1 (508) 497-8500
black_david@emc.com
Cell: +1 (978) 394-7754
---------------------------------------------------
Last updated: Wed Mar 27 13:18:18 2002