Security in iSCSI

To: ips@ece.cmu.edu
Subject: Security in iSCSI
From: Bill Strahm <bill@strahm.net>
Date: Mon, 20 Aug 2001 17:10:04 -0700 (PDT)
cc: Black_David@emc.com
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <NEBBJGDMMLHHCIKHGBEJIEIJCKAA.dotis@sanlight.net>
Sender: owner-ips@ece.cmu.edu

David,

I am becoming more and more concerned about the IPS security strategy the
longer I think about having to implement this into product.  The first
problem with defining a new keying standard is that an iSCSI vendor will
have to implement this keying standard, and then on a per OS bassis
attempt to push a negotiated key down into the IPsec layer to handle the
correct iSCSI traffic.  Many of these interfaces will be difficult to
find, if they are available at all...

I want to propose that our security story cover
1) Defining a security policy that can be used to cover iSCSI traffic
2) Allowing end users to use this security policy with their OSes current
IPsec stacks (on both the client and target end), or integrating an IPsec
stack into products
3) Allowing the IPsec WG cover all aspects of algorithm selection, key
negotiating, encapsulation, etc. that are needed

This will allow the IPS working group do what we do best, and allow the
IPsec WG to do what they do best, and lead to interoperating products the
fastest

Bill Strahm
Sanera Systems Inc.

References:
- RE: iSCSI: Alias consensus call
  - From: "Douglas Otis" <dotis@sanlight.net>

Prev by Date: RE: iSCSI CRC: A CRC-checking example
Next by Date: remove
Prev by thread: RE: iSCSI: Alias consensus call
Next by thread: RE: iSCSI: Alias consensus call
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:03:58 2001
6315 messages in chronological order