Re: iSCSI over TLS

To: "Julian Satran" <Julian_Satran@il.ibm.com>
Subject: Re: iSCSI over TLS
From: "Peter Mellquist" <peterm@seven-systems.com>
Date: Thu, 8 Nov 2001 11:20:08 -0800
Cc: "IPS" <ips@ece.cmu.edu>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;charset="iso-8859-1"
References: <OFD6F14680.486820F7-ONC2256AFD.00223326@telaviv.ibm.com>
Sender: owner-ips@ece.cmu.edu

Thank you  for the clarification. It makes sense moving toward 10GbE to use
IPSEC.

It would also really be beneficial to allow iSCSI to utilize TLS,
essentially have iSCSI support either IPSEC or TLS rather than just IPSEC.
This would only help to proliferate secure iSCSI as well as allow more
products to incorporate strong security in a flexible manner ( there are a
number of export issues with having strong security embedded in silicon
around a TOE)

It would not require much work in terms of the RFC effort, all we would need
is another IANA port ( iSCSI and iSCSI/TLS) and a default cipher suite. It
would be better have the standard support TLS rather than have proprietary
port numbers and cipher suites resulting in lack of interoperation.

Thanks,

Peter Mellquist
Seven Systems Technologies
575 Menlo Drive Suite 2
Rocklin CA
916-577-1275
peterm@seven-systems.com



----- Original Message -----
From: "Julian Satran" <Julian_Satran@il.ibm.com>
To: <ips@ece.cmu.edu>
Sent: Tuesday, November 06, 2001 10:16 PM
Subject: Re: iSCSI over TLS


> Peter,
>
> A group of us seriously considered TLS. The main reason for dropping it
> was that it would interfere with any mechanism we could think of doing
> framing and steering and we thought that framing and steering are
> essential at 10Gbps and over.
>
> Julo
>
>
>
>
> "Peter Mellquist" <peterm@seven-systems.com>
> Sent by: owner-ips@ece.cmu.edu
> 07-11-01 02:15
> Please respond to "Peter Mellquist"
>
>
>         To:     <ips@ece.cmu.edu>
>         cc:
>         Subject:        iSCSI over TLS
>
>
>
> I am aware that the ips group is leaning toward IPSEC as for the security
> solution but I am interested if anyone is also considering using Transport
> Layer Security (TLS)?
>
> I am concerned that the requirement for IPSEC might make TOEs  more
> complex
> than they need to be. Can TLS be optionally used as well as defined by the
> specification? This could allow TOE vendors to only be concerned with
> providing normal IPv4 / ipv6 and leave the security to a higher layer. A
> TLS
> stack sitting above the TOE could then handle security very well. Also, I
> anticipate that the first generation of TOEs will not support IPSEC. With
> a
> iSCSI/TLS we could enable security solutions with the first generation of
> TOEs and get speed and security.
>
> Are any TOE vendors planning to support IPSEC?
>
> Can TLS or IPSEC be supported?
>
> -peter
>
>
>
> Peter Mellquist
> Seven Systems Technologies
> 575 Menlo Drive Suite 2
> Rocklin CA
> 916-577-1275
> peterm@seven-systems.com
>
>
>
>
>

References:
- Re: iSCSI over TLS
  - From: "Julian Satran" <Julian_Satran@il.ibm.com>

Prev by Date: RE: FC Management MIB - proposed changes
Next by Date: Re: iSCSI over TLS
Prev by thread: Re: iSCSI over TLS
Next by thread: Re: iSCSI over TLS
Index(es):
- Date
- Thread

Home

Last updated: Thu Nov 08 16:17:37 2001
7659 messages in chronological order