Re: iSCSI and IPSec

To: John Hufferd <hufferd@us.ibm.com>
Subject: Re: iSCSI and IPSec
From: Bill Studenmund <wrstuden@wasabisystems.com>
Date: Fri, 10 May 2002 08:20:47 -0700 (PDT)
Cc: Shahram Davari <Shahram_Davari@pmc-sierra.com>, "'ips@ece.cmu.edu'" <ips@ece.cmu.edu>
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <OF46138766.8CD589DE-ON88256BB4.007AB0E4@boulder.ibm.com>
Sender: owner-ips@ece.cmu.edu

On Thu, 9 May 2002, John Hufferd wrote:

>
> Bill,
> Though you are correct, the way you state it is as if Tunnel mode is some
> how easier to implement then Transport mode, or as if Encryption is not
> needed to be implemented.  Now I am sure you did not mean that, so perhaps
> I should restate you answer as follows:

You are correct. I don't see how I said you didn't have to have
Encryption, but then again I don't see how you could have an IPsec
implementation without Encryption, so I didn't think to say it. :-)

> * IPsec is a MUST be implemented: That is Data Integrity and Authentication
> Must be implemented
>
> * IPsec is also a MUST implement Confidentiality (encryption).
>
> * All of the above MUST be implemented in Tunnel Mode, and If the IPsec
> implementation of an iSCSI initiator or target conforms to the [RFC2401]
> definition of a host, then to comply with section 4.1 of [RFC2401] it MUST
> also implement the above in Transport mode.
>
> * So the thing you know for sure is that Tunnel mode MUST be implemented,
> and sometimes Transport mode will also be implemented.
>
> *However, the end customer has the freedom to turn on all or part of what
> ever IPsec version it has implemented.

Yep.

Nicely put.

Take care,

Bill

References:
- Re: iSCSI and IPSec
  - From: "John Hufferd" <hufferd@us.ibm.com>

Prev by Date: Re: FCIP: Comment 120
Next by Date: Re: iSCSI - an improved text for 4.1 & 4.2
Prev by thread: Re: iSCSI and IPSec
Next by thread: RE: iSCSI and IPSec
Index(es):
- Date
- Thread

Home

Last updated: Fri May 10 12:18:28 2002
10053 messages in chronological order