[rddp] RDDP Last Calls (DDP & RDMAP) - which version of IPsec?
Black_David@emc.com Mon, 21 August 2006 23:20 UTC
From: Black_David@emc.com
Date: Mon, 21 Aug 2006 19:18:44 -0400
To: rddp@ietf.org
Cc: lars.eggert@netlab.nec.de, housley@vigilsec.com, hartmans-ietf@mit.edu, Black_David@emc.com

An issue arose during IETF Last Call about which version of IPsec should be specified for RDDP. RDDP currently requires IPsec as specified for iSCSI in RFC 3723, which uses the older (RFC 2401-based) version of IPsec. There is a newer version of IPsec, based on RFC 4301, that was brought up in some Last Call comments on DDP and RDMAP.

This issue has been resolved with the IETF Security Area - use of RFC 3723 to provide the IPsec security requirements for RDDP is fine, especially as RDDP is expected to be applied to iSCSI in the early going. When RFC 3723's IPsec requirements are updated to the new version of IPsec, that update will apply to everything that RFC 3723 applies to, so that iSCSI and RDDP will move forward (wrt IPsec) at the same time.

The following text needs to be added to the RDMAP and DDP drafts, and will be added to the RDDP Security draft via an RFC Editor Note:

   The IPsec requirements for RDDP are based on the version of IPsec
   specified in RFC 2401 [RFC 2401] and related RFCs, as profiled by
   RFC 3723 [RFC 3723], despite the existence of a newer version of
   IPsec specified in RFC 4301 [RFC 4301] and related RFCs. One of
   the important early applications of the RDDP protocols is their
   use with iSCSI [iSER]; RDDP's IPsec requirements follow those of
   IPsec in order to facilitate that usage by allowing a common
   profile of IPsec to be used with iSCSI and the RDDP protocols. In
   the future, RFC 3723 may be updated to the newer version of IPsec,
   the IPsec security requirements of any such update should apply
   uniformly to iSCSI and the RDDP protocols.

[RFC 3723] should already be a normative reference. Here are the others (all informative) if they're needed:

   [RFC 2401] S. Kent and R. Atkinson, "Security Architecture for the
              Internet Protocol," RFC 2401, November 1998.

   [RFC 4301] S. Kent and K. Seo, "Security Architecture for the
              Internet Protocol," RFC 4301, December 2005.

   [iSER]     M. Ko, et al., "iSCSI Extensions for RDMA
              Specification," Internet-Draft,
              draft-ietf-ips-iser-05.txt, Work in Progress,
              October 2005.

There are some other Last Call comments on RDDP and DDP that still need attention among the authors, reviewers, and yours truly, but this issue is important enough to document on the mailing list.

Thanks,
--David
----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA 01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------