IPSEC target and transport mode

To: pierre_labat@hp.com, ips@ece.cmu.edu
Subject: IPSEC target and transport mode
From: Black_David@emc.com
Date: Tue, 26 Mar 2002 19:31:37 -0500
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu

Pierre,

> Based on what has been decided in Minneapolis could you confirm
> that the following 4 points still hold true for iSCSI.

Actually, no, and thanks for asking, as you reminded me that
I promised to take this topic to the list.  I've changed the
Subject on this message slightly because this discussion applies
to all of the IP Storage protocols, not just iSCSI.

The sense of the room in Minneapolis (and it was a bit rough,
with visible dissent) was to drop the requirement for IPsec
transport mode.  Tunnel mode would become "MUST implement",
transport mode would become "MAY implement", and this would
override the "host must support both tunnel mode and transport
mode" requirement of RFC 2401.  Any procedural questions or
objections about whether/how/why the IPS WG is allowed/entitled
to override IPsec RFC requirements should be sent directly to
me off the list - we are allowed to do this solely for the use
of IPsec technology with the IPS protocols and have been doing
so for the past year.

Much of the responsibility for this flip-flop is mine (if you thought
this WG co-chair was infallible, you were bound to be disappointed
sooner or later ;-) ) - the transport mode requirement that is to be
dropped was inserted at the Huntington Beach meeting last month, and
I admit to leaning on the WG to put this in on the basis that I
believed it would be necessary to get approval of the Security Area
in the IESG.  Since that time, a new Security Area Director has been
appointed, Steve Bellovin.  Steve and I had lunch on Monday of IETF
week, and his advice on this issue was to drop the transport requirement
as a "MUST implement" for tunnel mode is sufficient for interoperability.

While I believe the current situation does represent rough consensus
of the WG, there was a visible minority in the meeting who dissented
from this decision, and essentially no time to discuss it.  Hence,
this is an opportunity for those who would like to see the transport
mode requirement from Huntington Beach retained to explain why on the
list and see if they can convince the WG.  The only available options
are (1) to drop all requirements for transport mode (i.e., "MAY implement")
and (2) to retain the transport mode requirement in the form that it
was added in Huntington Beach (i.e., transport mode is required when
RFC 2401 says it is).  I am certain that WG rough consensus cannot be
obtained for requiring transport mode in all cases (i.e., without the
"when RFC 2401 says it is" qualifier from Huntington Beach).

While I encourage everyone to participate, I also intend to drive
this issue to closure in the next week or so.

Thanks,
--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 249-6449 *NEW*      FAX: +1 (508) 497-8500
black_david@emc.com         Cell: +1 (978) 394-7754
---------------------------------------------------

Follow-Ups:
- Re: IPSEC target and transport mode
  - From: Bill Studenmund <wrstuden@wasabisystems.com>

Prev by Date: RE: iSCSI: padding on intermediate sequences
Next by Date: RE: iSCSI: padding on intermediate sequences
Prev by thread: iSCSI - IPSEC target and transport mode
Next by thread: Re: IPSEC target and transport mode
Index(es):
- Date
- Thread

Home

Last updated: Wed Mar 27 13:18:18 2002
9344 messages in chronological order