FCIP: Minutes of Author's Teleconference 9/ 13 Meeting

["Murali Rajagopal" <muralir@lightsand.com>]

Submitted by Don Fraser, Compaq

Attending:
        Andy Helland
        Anil Rijhsinghani;
        Bob Snively;
        Don Fraser;
        Liz Rodriguez;
        Gaby Hecht;
        Jim Nelson;
        Ken Hirata;
        Larry Lamers;
        Milan Merhar;
        Neil Wanamaker;
        Raj Bhagwat;
        Ralph Weber;
        Venkat Rangan
        Vi Chau;

Minutes:

Ralph will publish revised document early next week and will include results
from the NAT and Multi-home discussions.

Larry requested that we reserve at least the SF nibble ( and -SF) if not a
byte in the NAPT (aka funky frame) for future use.  Agreed to by Ralph and
Bob; will define it as a coded value.

We all need to look at FC-SW-2 and our work to insure that we don't need to
specify both the port name and node name if both are world wide unique.
Consider how it shows up in the SLP structure, as it may need both to map
the structure.

Vencat provided a review of what has been happening on the reflector.  For
example there was some discussion on how man-in-the-middle can attack shared
keys.  Others countered with how to better protect shared keys with group
pre-shared keys.  Contact him for more precise details.  Ralph asked if
those building products needed shared keys, and Vencat replied that with
FCIP it does not seem necessary.  Bob thinks that we don't need to support
group pre-shared keys.  Ralph requested that Vencat also poll the group on
the use of aggressive mode versus normal mode.

Bob brought up that it appears the IEFT is willing to support some measure
of susceptibility if they require or at least support DES.  There was some
kind of exception discussion around use of static addresses and that the
FCIP would? most likely use static addressing.  These addresses would most
likely be discovered via SCLP V2?  Appears to more of an IEFT issue than
ours.

Ralph will take the most recent copy of Vencat's work, scrub it, and insert
it into the draft as part of section 9.

There was some additional discussion around use of IKE main mode and group
shared keys and weather it was secure or not.  There will be a poll of the
authors to determine best approach.  Vencat and Ralph to work together to
get the appropriate words into the doc V5D.  That is unless Ralph has to
drive home from T11.

Ralph also proposed that we work the security first and then the NAT stuff
when it is ready.  Proposal accepted.

Ralph confirmed the Rev 5C does not include any of the security changes,
they will be in 5D to be posted next week.  And security will be done well
before the NAPT solution.

To do next week:

        review security as written in 5D
        start NAPT work.

Vi Chau will host it next week at the usual time on Wednesday.  Cisco to
host the week after then Lucent.