[storm] Storm WG draft status - October 21 + Two IPsec items

"Black, David" <david.black@emc.com> Mon, 21 October 2013 21:25 UTC

From: "Black, David" <david.black@emc.com>
To: "storm@ietf.org" <storm@ietf.org>

With all the drafts submitted that are expected before the Vancouver meeting
week, here's the status update:

1) iSCSI consolidated draft.  Done and in the RFC Editor's Queue!

2) iSCSI SAM (new features) draft.  The -09 version has been approved by the
IESG, so the text is fine, but there's a procedural wrinkle to work through.
Section 4.2 of this draft (about SCSI version descriptors for iSCSI) depends
on some changes that need to be made at T10 (SCSI standards body), and those
T10 changes require that the IANA actions for this draft be performed.  The
expected path forward is to have IANA perform their actions, make the changes
at T10 (which may make it into SPC-4), and then send the draft to the RFC
Editor; as a result the actual approval announcement will be delayed.

3) iSCSI MIB draft.  Done and in the RFC Editor's Queue!

4) iSER draft.  Done, and in the RFC Editor's Queue!  

5) RFC 3723 IPsec requirements update draft.  The -04 version that was just
posted should suffice to clear the one IESG Discuss position on this draft -
the delay in getting this version done is my [lack of :-( ] doing in order
to cope with things at my day job.  There are two technical changes that
have been made in this new version, for which time will be allowed for WG
review - details below.

6)  RDMA Extensions draft.  The -08 version that was just posted should take
care of all of the comments from WG Last Call, and hence should be ready to
submit to our AD and the IESG with the initial request for publication as an
RFC.

-- Two IPsec items --

Two technical changes were made to the IPsec update draft, and these will also
need to be made to the consolidated iSCSI draft, as they affect the IPsec
security considerations text there:

(A) OCSP is now allowed for checking certificates in addition to use of CRLs.

(B) Extended sequence numbers (ESNs) are now required for ESPv2 (IPsec v2 -
	RFC 2406) in addition to ESPv3 (IPsec v3 - RFC 4303).

The first change, to allow OCSP, is a straightforward update to the current
state of PKI certificate technology and usage.

The second change was the original intention for iSCSI use of IPsec (which is
where all of this started) and got dropped when yours truly overlooked the
existence of RFC 4304, which defines IKEv1 support for negotiating ESN usage.

One of the security ADs pointed out the existence of RFC 4304 and suggested
this change, which makes a lot of sense, IMHO.  I believe ESN support to be
widely available in IPsec v2 implementations.

If anyone cares about either of these, please comment - absence of comment
will be taken as absence of objection.

Please feel free to send questions to the list or directly to me.

Finally, there should be an update later this week on the planned RDMA/IP
"Mini-BOF" that will be held at the storm WG meeting in Vancouver - Thursday,
November 7, 1300-1500 (1p-3p).  See you in Vancouver!

Thanks,
--David (storm WG co-chair)
----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
david.black@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------
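
Item (B) above concerns ESP extended sequence numbers: with ESN the counter is 64 bits, but only the low-order 32 bits travel in each packet, so the receiver has to reconstruct the high-order half from where its anti-replay window currently sits. The C sketch below is an added example, not part of the original message or of any storm draft; it follows the high-order inference procedure described in RFC 4303 Appendix A, and the struct, function names, 64-packet window and sample sequence numbers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define ESN_WINDOW 64u            /* anti-replay window W (assumed size) */
struct esn_rx {
    uint64_t top;                 /* highest 64-bit number authenticated */
    uint64_t bitmap;              /* bit i set => (top - i) already seen */
};

/* Rebuild the 64-bit number from the 32 bits carried in the ESP header. */
static uint64_t esn_infer(const struct esn_rx *rx, uint32_t seql)
{
    uint32_t tl = (uint32_t)rx->top, th = (uint32_t)(rx->top >> 32);
    uint32_t bl = tl - ESN_WINDOW + 1;        /* window bottom, mod 2^32 */
    uint32_t seqh;
    if (tl >= ESN_WINDOW - 1)                 /* window in one subspace */
        seqh = (seql >= bl) ? th : th + 1;
    else                                      /* window straddles a wrap */
        seqh = (seql >= bl) ? th - 1 : th;
    return ((uint64_t)seqh << 32) | seql;
}

/* Replay check and window update; a real receiver runs this only after
 * the ICV has verified with the inferred 64-bit value. 1 = fresh. */
static int esn_accept(struct esn_rx *rx, uint64_t seq)
{
    if (seq > rx->top) {                      /* packet advances window */
        uint64_t shift = seq - rx->top;
        rx->bitmap = (shift >= 64 ? 0 : rx->bitmap << shift) | 1;
        rx->top = seq;
        return 1;
    }
    uint64_t off = rx->top - seq;
    if (off >= ESN_WINDOW || (rx->bitmap & (1ULL << off)))
        return 0;                             /* too old, or a replay */
    rx->bitmap |= 1ULL << off;
    return 1;
}

int main(void)
{
    struct esn_rx rx = { 0xFFFFFFFEull, 1 };  /* constructed: just before wrap */
    uint32_t wire[] = { 0x00000002u, 0xFFFFFFFFu, 0xFFFFFFFEu, 0x00000002u };
    for (int i = 0; i < 4; i++) {
        uint64_t seq = esn_infer(&rx, wire[i]);
        printf("%08x -> %016llx %s\n", (unsigned)wire[i],
               (unsigned long long)seq, esn_accept(&rx, seq) ? "ok" : "drop");
    }
    return 0;
}
```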