RE: Security and iSCSI and IPv6

[<G_Chawla@xxxxxxxx>]

Title: Security and iSCSI and IPv6

David,

 

We wanted to find out, if iSCSI spec mandates initiator or target to support any aspect of IPSEC (authentication or encryption) in IPv6 or IPv4 environment. or Is IPSEC completely optional?

 

Section 8.3.1 in RFC 3720 states that:

An iSCSI compliant initiator or target MUST provide data integrity
   and authentication by implementing IPsec [RFC2401] with ESP [RFC2406]
   in tunnel mode and MAY provide data integrity and authentication by
   implementing IPsec with ESP in transport mode.  The IPsec
   implementation MUST fulfill the following iSCSI specific
   requirements:

 

     - HMAC-SHA1 MUST be implemented [RFC2404].
     - AES CBC MAC with XCBC extensions SHOULD be implemented
       [RFC3566].

 

   The ESP anti-replay service MUST also be implemented.

Thanks,
Gaurav

 

---

From: Black_David@xxxxxxx [mailto:Black_David@xxxxxxx]
Sent: Wednesday, November 01, 2006 9:04 AM
To: Cherian, Jacob; ips@xxxxxxxx
Subject: RE: Security and iSCSI and IPv6

The IPsec requirements for iSCSI are IPv6 vs. IPv4 independent for

the most part.  Section 8.3.3 of RFC 3720 requires ID_IPV6_ADDR

support when IPv6 is supported.

 

Thanks,

--David

----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@xxxxxxx        Mobile: +1 (978) 394-7754
----------------------------------------------------

---

From: Jacob_Cherian@xxxxxxxx [mailto:Jacob_Cherian@xxxxxxxx]
Sent: Tuesday, October 31, 2006 6:27 PM
To: ips@xxxxxxxx
Subject: Security and iSCSI and IPv6

Are the any mandatory requirements around support for IPSec for iSCSI targets that claim IPv6 compliance?

Any insight would be greatly appreciated.

Thanks,

Jacob

_______________________________________________
Ips mailing list
Ips@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ips