RE: iSCSI IPsec-Related Algorithm Proposal

To: Black_David@emc.com
Subject: RE: iSCSI IPsec-Related Algorithm Proposal
From: "Julian Satran" <Julian_Satran@il.ibm.com>
Date: Sat, 30 Jun 2001 19:12:43 +0300
Cc: ips@ece.cmu.edu, "howard.c.herbert" <howard.c.herbert@intel.com>, "ips" <ips@ece.cmu.edu>
Content-type: text/plain; charset=us-ascii
Importance: Normal
Sender: owner-ips@ece.cmu.edu

I think security issues go beyond the rekeying and I doubt that manual
keying is an
acceptable solution (not even as a starter) as it creates a management
nightmare even in moderately
sized installations and is barely supported in host systems (manually
inserting keys AND SPIs).

Howard is has a good point about schedules. and he is also pointing us
towards
a solution - select a minimum subset and get fast in place a keying
mechanism that is both well understood and accepted.

Julo



Black_David@emc.com on 30-06-2001 03:24:54

Please respond to Black_David@emc.com

To:   howard.c.herbert@intel.com, ips@ece.cmu.edu
cc:
Subject:  RE: iSCSI IPsec-Related Algorithm Proposal




> Specifically, phase one products would use AES CBC MAC mode as the
integrity
> algorithm and AES CBC mode as the confidentiality algorithm.  This
proposal
> means vendors only have to implement a single base-algorithm with slight
> mode variations in order to have a complete 1 Gbit solution (integrity
and
> confidentiality).  Adopting AES in phase one also establishes a
foundation
> upon which to build phase two solutions (different modes of operation on
the
> same base algorithm).

What would you recommend as reference specifications for these algorithms,
and specifically their use with ESP?  There are no RFCs specifying this,
and I haven't seen an Internet-Draft on the MAC (there is one on use of
AES for confidentiality).  My personal preference would be for something
AES-based (perhaps using one of the new SHA hashes in an HMAC instead
of the AES CBC MAC) rather than falling back to things like SHA-1 and 3DES.

Meanwhile, we have another issue.  As of the outcome of the Nashua meeting,
the minimum (MUST implement) requirement for keying ESP was manual keying.
That's not going to be sufficient because there will be situations in which
iSCSI
causes ESP's 32-bit sequence number to roll over, creating a vulnerability
to
replay attacks.  This is going to require specification of a MUST implement
rekeying algorithm.  IKE or a subset is one possibility, and working out
the
details of SRP-based keying (and rekeying) of ESP is another.  A somewhat
drafty draft on the latter may appear prior to London assuming that I can
find
the "copious spare time" to get it written.

Comments?

Thanks,
--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
black_david@emc.com       Mobile: +1 (978) 394-7754
---------------------------------------------------

Prev by Date: RE: iSCSI IPsec-Related Algorithm Proposal
Next by Date: Re: iSCSI: Iterating long text responses
Prev by thread: iSCSI version number
Next by thread: RE: iSCSI IPsec-Related Algorithm Proposal
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:04:22 2001
6315 messages in chronological order