SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: iSCSI and IPSec



    On Thu, 9 May 2002, John Hufferd wrote:
    
    >
    > Bill,
    > Though you are correct, the way you state it is as if Tunnel mode is some
    > how easier to implement then Transport mode, or as if Encryption is not
    > needed to be implemented.  Now I am sure you did not mean that, so perhaps
    > I should restate you answer as follows:
    
    You are correct. I don't see how I said you didn't have to have
    Encryption, but then again I don't see how you could have an IPsec
    implementation without Encryption, so I didn't think to say it. :-)
    
    > * IPsec is a MUST be implemented: That is Data Integrity and Authentication
    > Must be implemented
    >
    > * IPsec is also a MUST implement Confidentiality (encryption).
    >
    > * All of the above MUST be implemented in Tunnel Mode, and If the IPsec
    > implementation of an iSCSI initiator or target conforms to the [RFC2401]
    > definition of a host, then to comply with section 4.1 of [RFC2401] it MUST
    > also implement the above in Transport mode.
    >
    > * So the thing you know for sure is that Tunnel mode MUST be implemented,
    > and sometimes Transport mode will also be implemented.
    >
    > *However, the end customer has the freedom to turn on all or part of what
    > ever IPsec version it has implemented.
    
    Yep.
    
    Nicely put.
    
    Take care,
    
    Bill
    
    


Home

Last updated: Fri May 10 12:18:28 2002
10053 messages in chronological order