|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] iSCSI boot draft revision for IESGIn the IESG review of the iSCSI boot draft that can be found at: https://www1.ietf.org/IESG/EVALUATIONS/draft-ietf-ips-iscsi.bal there are a long set of comments from Randy Bush (actually forwarded from the operations area directorate) on the boot draft that are mistakenly recorded under the main iSCSI draft. The summary at the top of those comments is: Boot security has traditionally been a problematic area, so an alternative secure boot mechanism is very welcome. iSCSI boot has substantial potential, and some of the products coming on the market have impressive security features (such as IKE/IPsec support on the HBA), so that I'd expect a draft on isCSI Boot to demonstrate particular attention to security issues. This document falls short in this regard, though it can be easily fixed with a little work. I believe the summary is basically correct, in that the boot draft was developed to describe the functional aspects of booting and did not put much emphasis on security issues. I think there's enough information in those comments for the authors to prepare a revised version of the draft, but I want that draft reviewed here on the IPS WG list primarily to make sure that the WG is satisfied with the balance that will need to be struck in the revised draft between strength of security for boot and the resulting implementation implications (size, complexity, new ways for it to fail) for BIOS code and the like. There are also a couple of suggestions for additional informational references towards the bottom of the above review. The authors should prepare a revised draft and submit it in the near future - we'll run a short review focused on the security aspects of the draft on this list. Thanks, --David ---------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 176 South St., Hopkinton, MA 01748 +1 (508) 293-7953 **NEW** FAX: +1 (508) 293-7786 black_david@emc.com Mobile: +1 (978) 394-7754 ----------------------------------------------------
Home Last updated: Wed Jan 08 00:19:01 2003 12124 messages in chronological order |