|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI and IPSecOn Thu, 9 May 2002, John Hufferd wrote: > > Bill, > Though you are correct, the way you state it is as if Tunnel mode is some > how easier to implement then Transport mode, or as if Encryption is not > needed to be implemented. Now I am sure you did not mean that, so perhaps > I should restate you answer as follows: You are correct. I don't see how I said you didn't have to have Encryption, but then again I don't see how you could have an IPsec implementation without Encryption, so I didn't think to say it. :-) > * IPsec is a MUST be implemented: That is Data Integrity and Authentication > Must be implemented > > * IPsec is also a MUST implement Confidentiality (encryption). > > * All of the above MUST be implemented in Tunnel Mode, and If the IPsec > implementation of an iSCSI initiator or target conforms to the [RFC2401] > definition of a host, then to comply with section 4.1 of [RFC2401] it MUST > also implement the above in Transport mode. > > * So the thing you know for sure is that Tunnel mode MUST be implemented, > and sometimes Transport mode will also be implemented. > > *However, the end customer has the freedom to turn on all or part of what > ever IPsec version it has implemented. Yep. Nicely put. Take care, Bill
Home Last updated: Fri May 10 12:18:28 2002 10053 messages in chronological order |