Re: iSCSI boot

[David Robinson <David.Robinson@EBay.Sun.COM>]

Douglas Otis wrote:
> If there already is a means of discovering either LDAP or SLP in conjunction
> with DCHP together will some security features defined within the PXE
> specification, then adding iSCSI specific information is not really
> required.  If you assume there is security present within LDAP and there is
> a defined schema, the ability to retrieve information related to things like
> ISID, Initiator Name, Target Name, mount point, etc can be made available
> through those standard services with security providing the initial filter.
> LDAP can store state as it is commonly used to keep password counts and the
> like. It is not a direct property of LDAP, but a well structured schema
> should make this task easier.  I know that I will hear, "Send in the Draft"
> but until there is consensus as to what is needed and how it is to be used,
> it would be a likely futile venture.

I think you are over complicating things Doug. We already have a well
defined
standard for Network Adapters to discover their identity and their
"root"
storage device using DHCP.  All that is really needed by the IPS WG is
to define
the syntax and semantics of the string that indicates where the iSCSI
target is.

While LDAP provides a lot of features and can easily be used as the
directory
service behind a DHCP server (and in fact is often is), it is highly
unlikely
that vendors will embed LDAP into the PROMs of their adapters to
retrieve
a simple string that can just as easily be served using their existing
DHCP/PXE
PROMs.

Security is actively being worked on the the DHCP community so that
is something that iSCSI can leverage.
(draft-ietf-dhc-authentication-16.txt)

So I won't say "Send in a Draft" but instead "The IESG won't let us
reinvent existing protocols".

	-David