RE: Security Use Requirements

["John Hufferd" <hufferd@us.ibm.com>]

Scott, et.al.,
Julian's first option below, was perhaps the same as my first option.  That
is, it could be acceptable to have a gateway box included in the must
implement.  I believe, with nothing to back it, that there are "driver to
Gateway" responses that an implementation can use and therefore be
validated that the implementation adheres to the must implement statement.

Does this sound right you Scott?

For reference here is my previous statement:

Now, I am beginning to think that it is reasonable for one of the following
approaches to be OK. That is, one of those approaches should meet the
requirement for "Must Implement".
1. Only implementing an interface to the external IPSec/TLS box
2, SW implementation of IPSec/TLS
3. HW IPSec/TLS

.
.
.
John L. Hufferd
Senior Technical Staff Member (STSM)
IBM/SSG San Jose Ca
(408) 256-0403, Tie: 276-0403,  eFax: (408) 904-4688
Internet address: hufferd@us.ibm.com


Julian Satran/Haifa/IBM@IBMIL@ece.cmu.edu on 02/07/2001 07:06:45 AM

Sent by:  owner-ips@ece.cmu.edu


To:   ips@ece.cmu.edu
cc:   Ofer Biran/Haifa/IBM@IBMIL
Subject:  RE: Security Use Requirements





Scott,

That pretty much settles the discussion by assertion.

Is it acceptable to say that a minimal compliant iSCSI implementation MUST
include either:

- a minimal tunneling IPsec  gateway
- a minimal transport IPsec

?

Regards,
Julo

Scott Bradner <sob@harvard.edu> on 07/02/2001 15:51:44

Please respond to Scott Bradner <sob@harvard.edu>

To:   ips@ece.cmu.edu
cc:
Subject:  RE: Security Use Requirements





it should be noted that the IPS working group was not given the option
of not having a mandatory to implement security scheme in the standard
The IESG will not approve an IPS standard that does not define a specific
mandatory to implement security scheme.

Scott