[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: IPsec gateway vs. host
> it just sounds like the iSCSI folks are
> calling for a subset of IPsec functionality for their environment.
That's correct, with the caveat that iSCSI security is very much still
a work in progress. From an IPsec architectural perspective, an
iSCSI implementation is clearly a "host", not a "gateway".
--David (IP Storage WG co-chair)
---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA 01748
+1 (508) 435-1000 x75140 FAX: +1 (508) 497-8500
black_david@emc.com Mobile: +1 (978) 394-7754
---------------------------------------------------
> -----Original Message-----
> From: Stephen Kent [SMTP:kent@bbn.com]
> Sent: Friday, July 06, 2001 3:57 PM
> To: saqibj@margallacomm.com
> Cc: ipsec@lists.tislabs.com; Saqib Jang
> Subject: Re: IPsec gateway vs. host
>
> At 11:23 AM -0700 7/6/01, Saqib Jang wrote:
> >Is there a scenario where IPsec implemented in a NIC
> >or a HBA can be considered a "gateway" IPsec implementation.
> >I'm trying to reconcile the proposal for iSCSI devices to only
> >support tunnel-mode IPsec with the requirement in RFC 2401
> >that only IPsec "gateways" can support only tunnel-mode IPsec,
> >whereas "hosts' are required to support both tunnel and transport
> >mode IPsec.
>
> depending on where the NIC is used, it might appropriately support SG
> vs. host Ipsec modes. but, it just sounds like the iSCSCI folks are
> calling for a subset of IPsec functionality for their environment. a
> compliant IPsec host implementation could be used in this more
> restrictive fashion.
>
> Steve