Re: [nfsv4] Kathleen Moriarty's No Objection on draft-ietf-nfsv4-scsi-layout-08: (with COMMENT)
Christoph Hellwig <hch@lst.de> Wed, 16 November 2016 17:04 UTC
Return-Path: <hch@lst.de>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF581129469; Wed, 16 Nov 2016 09:04:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.397
X-Spam-Level:
X-Spam-Status: No, score=-3.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-1.497] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JHMnR2KHmLGm; Wed, 16 Nov 2016 09:04:49 -0800 (PST)
Received: from newverein.lst.de (verein.lst.de [213.95.11.211]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D728127076; Wed, 16 Nov 2016 09:04:48 -0800 (PST)
Received: by newverein.lst.de (Postfix, from userid 2407) id D5A4368CEB; Wed, 16 Nov 2016 18:04:46 +0100 (CET)
Date: Wed, 16 Nov 2016 18:04:46 +0100
From: Christoph Hellwig <hch@lst.de>
To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Message-ID: <20161116170446.GA4909@lst.de>
References: <147249703400.18985.17785625452584051064.idtracker@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <147249703400.18985.17785625452584051064.idtracker@ietfa.amsl.com>
User-Agent: Mutt/1.5.17 (2007-11-01)
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/vkrqiL1NSjNbML8UZ-LBG0_vRVk>
Cc: draft-ietf-nfsv4-scsi-layout@ietf.org, The IESG <iesg@ietf.org>, nfsv4@ietf.org, nfsv4-chairs@ietf.org
Subject: Re: [nfsv4] Kathleen Moriarty's No Objection on draft-ietf-nfsv4-scsi-layout-08: (with COMMENT)
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Nov 2016 17:04:51 -0000
Hi Kathleen, sorry for the delay, somehow this comments slipped through the cracks and Spencer had to remind me of it. On Mon, Aug 29, 2016 at 11:57:14AM -0700, Kathleen Moriarty wrote: > For the security considerations, it would be good to include a few > examples of the security provided by iSCSI, like encryption via IPsec > (tunnel and transport mode - IMO opinion this RFC makes it difficult to > set this up in an interoperable way, but that's not the responsibility of > this draft), authentication, etc. RFC7143 is such a large document, just > a pointer isn't as helpful here in comparison to the no security example. > This is just at the comment level since the pointer is technically > sufficient, but sets one up for a lot of reading. I don't think it makes much sense to address the iSCSI security issues in this document, and here is why: As far as the pNFS SCSI layout is concerned setting up the actual SCSI transport is completely out of scope, and that's intentional because there are so many different SCSI transports and implementations, and I don't want to get into details for any of them except mentioning a few. But maybe as a compromise I can add references to RFC3723 and RFC7146 which seems to be the IETF canonical answer on how to secure iSCSI?
- [nfsv4] Kathleen Moriarty's No Objection on draft… Kathleen Moriarty
- Re: [nfsv4] Kathleen Moriarty's No Objection on d… Christoph Hellwig