RE: iSCSI: IPsec tunnel / transport mode decision

To: <saqibj@margallacomm.com>
Subject: RE: iSCSI: IPsec tunnel / transport mode decision
From: "Ofer Biran" <BIRAN@il.ibm.com>
Date: Sun, 4 Nov 2001 13:26:44 +0100
Cc: <ips@ece.cmu.edu>
Content-type: text/plain; charset=us-ascii
Importance: Normal
Sender: owner-ips@ece.cmu.edu

Saqib,

Mandatory transport mode would make bundling of external IPSec
impossible, while tunnel mode is not more difficult to implement
within the iSCSI endpoint than transport mode.

"Cost of ownership and complexity of deploying a stand-alone
IPsec gateway" might be among the considerations of vendors and
customers, but I don't think the standard should block such
solutions (and  it blocks more than just stand-alone IPsec
gateway).

  Regards,
   Ofer


Ofer Biran
Storage and Systems Technology
IBM Research Lab in Haifa
biran@il.ibm.com  972-4-8296253


"Saqib Jang" <saqibj@margallacomm.com> on 02/11/2001 20:59:03

Please respond to <saqibj@margallacomm.com>

To:   "Bill Strahm" <bill@sanera.net>, "CAVANNA,VICENTE V
      (A-Roseville,ex1)" <vince_cavanna@agilent.com>
cc:   "SHEEHY,DAVE (A-Americas,unix1)" <dave_sheehy@agilent.com>, Ofer
      Biran/Haifa/IBM@IBMIL, <ips@ece.cmu.edu>
Subject:  RE: iSCSI: IPsec tunnel / transport mode decision



What about the cost of ownership and complexity of deploying
a stand-alone IPsec gateway for use with IPsec end-points?
If transport-mode IPsec is a must-to-implement capability in
iSCSI end-points there is an opportunity to have much
more coherent security for iSCSI.

Saqib

Follow-Ups:
- RE: iSCSI: IPsec tunnel / transport mode decision
  - From: "Bill Strahm" <bill@sanera.net>

Prev by Date: RE: iSCSI: current UNH Plugfest
Next by Date: iSCSI - Configuration Examples by John Hufferd
Prev by thread: RE: iSCSI: IPsec tunnel / transport mode decision
Next by thread: RE: iSCSI: IPsec tunnel / transport mode decision
Index(es):
- Date
- Thread

Home

Last updated: Sun Nov 04 15:17:35 2001
7548 messages in chronological order