RE: iSCSI and IPSec

To: hufferd@us.ibm.com
Subject: RE: iSCSI and IPSec
From: Black_David@emc.com
Date: Thu, 9 May 2002 21:00:19 -0400
Cc: ips@ece.cmu.edu
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu

> Though you are correct, the way you state it is as if Tunnel mode is some
> how easier to implement then Transport mode, or as if Encryption is not
> needed to be implemented.  Now I am sure you did not mean that, so perhaps
> I should restate you answer as follows:
> * IPsec is a MUST be implemented: That is Data Integrity and
Authentication
> Must be implemented
> 
> * IPsec is also a MUST implement Confidentiality (encryption).
> 
> * All of the above MUST be implemented in Tunnel Mode, and If the IPsec
> implementation of an iSCSI initiator or target conforms to the [RFC2401]
> definition of a host, then to comply with section 4.1 of [RFC2401] it MUST
> also implement the above in Transport mode.

That was the case before the March meeting in Minneapolis.  The
current situation is the Tunnel Mode MUST be implemented, Transport
Mode is OPTIONAL, and there is no need to consult the [RFC2401]
definition of a host to figure this out.

Thanks,
--David
---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 249-6449 *NEW*      FAX: +1 (508) 497-8500
black_david@emc.com         Cell: +1 (978) 394-7754
---------------------------------------------------

Prev by Date: RE: FCIP: Comment 120
Next by Date: Re: iSCSI: Nop StatSN clarification
Prev by thread: Re: iSCSI and IPSec
Next by thread: iSCSI: Nop StatSN clarification
Index(es):
- Date
- Thread

Home

Last updated: Fri May 10 12:18:28 2002
10053 messages in chronological order