|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI and IPSecBill, Though you are correct, the way you state it is as if Tunnel mode is some how easier to implement then Transport mode, or as if Encryption is not needed to be implemented. Now I am sure you did not mean that, so perhaps I should restate you answer as follows: * IPsec is a MUST be implemented: That is Data Integrity and Authentication Must be implemented * IPsec is also a MUST implement Confidentiality (encryption). * All of the above MUST be implemented in Tunnel Mode, and If the IPsec implementation of an iSCSI initiator or target conforms to the [RFC2401] definition of a host, then to comply with section 4.1 of [RFC2401] it MUST also implement the above in Transport mode. * So the thing you know for sure is that Tunnel mode MUST be implemented, and sometimes Transport mode will also be implemented. *However, the end customer has the freedom to turn on all or part of what ever IPsec version it has implemented. . . . John L. Hufferd Senior Technical Staff Member (STSM) IBM/SSG San Jose Ca Main Office (408) 256-0403, Tie: 276-0403, eFax: (408) 904-4688 Home Office (408) 997-6136, Cell: (408) 499-9702 Internet address: hufferd@us.ibm.com Bill Studenmund <wrstuden@wasabisystems.com>@ece.cmu.edu on 05/09/2002 01:01:45 PM Sent by: owner-ips@ece.cmu.edu To: Shahram Davari <Shahram_Davari@pmc-sierra.com> cc: "'ips@ece.cmu.edu'" <ips@ece.cmu.edu> Subject: Re: iSCSI and IPSec On Thu, 9 May 2002, Shahram Davari wrote: > Hi, > > Is IPSec supported in iSCSI? and if so, is it optional to use or mandatory? IPsec is a MUST. Though you can get away with just tunnel mode. Take care, Bill
Home Last updated: Fri May 10 12:18:28 2002 10053 messages in chronological order |