iSCSI boot draft revision for IESG

To: ips@ece.cmu.edu
Subject: iSCSI boot draft revision for IESG
From: Black_David@emc.com
Date: Tue, 7 Jan 2003 17:06:30 -0500
Cc: Black_David@emc.com
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu

In the IESG review of the iSCSI boot draft that can be found at:

https://www1.ietf.org/IESG/EVALUATIONS/draft-ietf-ips-iscsi.bal

there are a long set of comments from Randy Bush (actually
forwarded from the operations area directorate) on the
boot draft that are mistakenly recorded under the main iSCSI
draft.  The summary at the top of those comments is:

  Boot security has traditionally been a problematic area,
  so an alternative secure boot mechanism is very welcome.
  iSCSI boot has substantial potential, and some of the
  products coming on the market have impressive security
  features (such as IKE/IPsec support on the HBA), so that
  I'd expect a draft on isCSI Boot to demonstrate
  particular attention to security issues.

  This document falls short in this regard,
  though it can be easily fixed with a little work.

I believe the summary is basically correct, in that the boot
draft was developed to describe the functional aspects of
booting and did not put much emphasis on security issues.
I think there's enough information in those comments for
the authors to prepare a revised version of the draft, but
I want that draft reviewed here on the IPS WG list primarily
to make sure that the WG is satisfied with the balance that
will need to be struck in the revised draft between strength
of security for boot and the resulting implementation
implications (size, complexity, new ways for it to fail)
for BIOS code and the like.

There are also a couple of suggestions for additional
informational references towards the bottom of the above
review.

The authors should prepare a revised draft and submit it
in the near future - we'll run a short review focused on
the security aspects of the draft on this list.

Thanks,
--David 

----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953 **NEW**     FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------

Prev by Date: RE: iSCSI: Implicit Termination of Tasks
Next by Date: RE: iSCSI: Implicit Termination of Tasks
Prev by thread: iSCSI draft status
Next by thread: need info regarding checksum algorithm
Index(es):
- Date
- Thread

Home

Last updated: Wed Jan 08 00:19:01 2003
12124 messages in chronological order