|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Security Use Requirements> Many posts ago, there was mention of three levels of security for iSCSI > > 1: none > 2: iSCSI authentication > 3: tls or IPsec > > these level seems to correspond to what is in the version 3 draft. > > The trend in the current discussion seems to be that security must be implemented. > Correct me if I am wrong, but I am under the impression that fibre channel currently > is used at level 1 (although there is CRC). I was also under the impression that > one of the main motivations of iSCSI was the belief that ethernet would win over > Fibre Channel as a network technology and hence the desire to send SCSI over ethernet. Oh, I wish Sean hadn't gone there. Fibre Channel has some rather weak authentication and access control mechanisms, but the current state of Fibre Channel security would never have made it past an IETF Area Director, let alone out as a standards-track RFC. Small scale Fibre Channel SANs provide valid arguments for choosing not to use security in some cases - larger scale Fibre Channel deployments are providing much stronger arguments for why security implementation should be mandatory, and there's quite a bit of work going on in the Fibre Channel world to do something about security after the fact. In other words, Fibre Channel is not a valid analogy to argue about whether security should be mandatory to implement. Beyond that, Sean is correct that there are a lot of details are missing from the security section of the -03 draft, and that in general, specifying fewer mechanisms is preferable. --David --------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 42 South St., Hopkinton, MA 01748 +1 (508) 435-1000 x75140 FAX: +1 (508) 497-8500 black_david@emc.com Mobile: +1 (978) 394-7754 ---------------------------------------------------
Home Last updated: Tue Sep 04 01:05:33 2001 6315 messages in chronological order |