SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    iSCSI boot draft revision for IESG



    In the IESG review of the iSCSI boot draft that can be found at:
    
    https://www1.ietf.org/IESG/EVALUATIONS/draft-ietf-ips-iscsi.bal
    
    there are a long set of comments from Randy Bush (actually
    forwarded from the operations area directorate) on the
    boot draft that are mistakenly recorded under the main iSCSI
    draft.  The summary at the top of those comments is:
    
      Boot security has traditionally been a problematic area,
      so an alternative secure boot mechanism is very welcome.
      iSCSI boot has substantial potential, and some of the
      products coming on the market have impressive security
      features (such as IKE/IPsec support on the HBA), so that
      I'd expect a draft on isCSI Boot to demonstrate
      particular attention to security issues.
    
      This document falls short in this regard,
      though it can be easily fixed with a little work.
    
    I believe the summary is basically correct, in that the boot
    draft was developed to describe the functional aspects of
    booting and did not put much emphasis on security issues.
    I think there's enough information in those comments for
    the authors to prepare a revised version of the draft, but
    I want that draft reviewed here on the IPS WG list primarily
    to make sure that the WG is satisfied with the balance that
    will need to be struck in the revised draft between strength
    of security for boot and the resulting implementation
    implications (size, complexity, new ways for it to fail)
    for BIOS code and the like.
    
    There are also a couple of suggestions for additional
    informational references towards the bottom of the above
    review.
    
    The authors should prepare a revised draft and submit it
    in the near future - we'll run a short review focused on
    the security aspects of the draft on this list.
    
    Thanks,
    --David 
    
    ----------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 176 South St., Hopkinton, MA  01748
    +1 (508) 293-7953 **NEW**     FAX: +1 (508) 293-7786
    black_david@emc.com        Mobile: +1 (978) 394-7754
    ----------------------------------------------------
    


Home

Last updated: Wed Jan 08 00:19:01 2003
12124 messages in chronological order