Re: [Ips] no DHCP-assigned InitiatorName

Black_David@emc.com Mon, 22 September 2008 15:41 UTC

CbCS is a technology for which there is little to no current product
support.  As a security technology, it does not strike me as a good
solution to the issue that Michael raises, which is basically an
automatic configuration issue.

Thanks,
--David
----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------

________________________________

	From: ips-bounces@ietf.org [mailto:ips-bounces@ietf.org] On Behalf Of Julian Satran
	Sent: Monday, September 22, 2008 9:29 AM
	To: Michael Howard
	Cc: Sivan Tal; ips@ietf.org
	Subject: Re: [Ips] no DHCP-assigned InitiatorName
	
	
	Michael, 
	
	I think that some of the OSs have the initiator name wired into
	the image and boot providers will have to set this name.
	I am not sure what exactly is required for each version.
	The boot RFC defines where the image comes from but very little
	else.
	
	Sivan may give you a pointer to CbCS. 
	
	Regards, 
	Julo 
	
	
	
	
	
From: 	Michael Howard <michael.howard@scalent.com> 
To: 	Julian Satran/Haifa/IBM@IBMIL 
Cc: 	ips@ietf.org 
Date: 	09/22/2008 09:19 
Subject: 	Re: [Ips] no DHCP-assigned InitiatorName

________________________________




	
	
	Julian Satran wrote:
	> Michael - I am not sure what you are looking for? A standard
	> parameter as those described by the iBOOT RFC?
	
	Yes, I am looking for a specific DHCP parameter that defines what
	InitiatorName is to be used by the iSCSI boot client.
	
	It seems to me that the purpose of RFC4173 was/is to allow stateless
	clients to boot. The target parameters that are specified in RFC4173
	are necessary, but not sufficient. On many commercial iSCSI target
	servers you must have the InitiatorName in order to be able to log in
	to the target. This is the case for NetApp and SANRAD, and I strongly
	for many others.
	
	> In any case the initiator name is not the only way to control what a
	> server will access.
	>
	> CbCS (stands for Credential Based Command Security) available for any
	> SCSI device at the SCSI layer (see the T10 site) is probably
	> safer/better and does not depend on things that can be so easily
	> faked by an initiator as the initiator name and may be easier to
	> deploy.
	
	This is not something that I am familiar with ...
	
	*** 10 minutes later ***
	
	I could find no reference to CbCS or Command Based Command Security at
	the NetApp support site now.netapp.com

	A quick search at www.t10.org didn't turn anything up either ... I'll
	keep looking.
	
	
	There may (and should) be other/better security mechanisms working
	their way through the standardization and implementation processes.
	
	As a practical measure, I believe that a DHCP-supplied InitiatorName
	is needed because InitiatorName is required by many commercial iSCSI
	target servers.
	
	
	Michael
	
	
	
	
