Accredited Standards Committee*

InterNational Committee for Information Technology Standards (INCITS)

 

 

Doc. No.: T10/07-182r1

Date: April 19, 2007

Reply to: John Lohmeyer

To: T10 Membership

From: Ralph Weber and John Lohmeyer

Subject: SCSI Commands, Architecture, & Protocol Security Working Group Meeting -- April 17, 2007

Houston, TX

 

Agenda

1. Opening Remarks

2. Approval of Agenda

3. Attendance and Membership

4. Command Set Topics

4.1 SCSI Primary Commands Proposals

4.1.1 SPC-4 CDB Encapsulation Alternatives (07-158r0) [Weber]

5. Security

5.1 SPC-4: Establishing a Security Association using IKEv2 (06-449r3) [Ball & Black]

5.2 Capability based Command Security (07-069r3) [Penokie]

5.3 Command Security via SAs (07-149r0) [Weber]

5.4 ESP-SCSI for Parameter Data (07-169r0) [Weber]

5.5 SPC-4 request for security protocol (07-184r0) [Ballard]

6. Old Business

7. New Business

8. Review of Recommendations to the Plenary

9. Meeting Schedule

10. Adjournment

 

Results of Meeting

1. Opening Remarks

George Penokie called the meeting to order at 9:00 a.m. Tuesday, April 17, 2007. He thanked Rob Elliott of HP and Kurt Cox of Amphenol for hosting the meeting. As usual, the people present introduced themselves.

2. Approval of Agenda

The draft agenda was approved with no additions or changes.

No items were added/revised during the course of the meeting.

3. Attendance and Membership

Attendance at working group meetings does not count toward minimum attendance requirements for T10 membership. Working group meetings are open to any person or organization directly and materially affected by T10's scope of work. The following people attended the meeting:

              Name                   S           Organization
------------------------------------ -- ------------------------------------
Mr. David Peterson                   P  Brocade
Mr. William McFerrin                 V  DataPlay
Mr. Gideon Avida                     P  Decru
Mr. Kevin Marks                      P  Dell, Inc.
Mr. David Black                      A  EMC Corp.
Mr. William Martin                   P  Emulex
Mr. Ralph O. Weber                   P  ENDL Texas
Mr. Rob Elliott                      P  Hewlett Packard Co.
Mr. Steven Fairchild                 V  Hewlett Packard Co.
Mr. Joe Foster                       V  Hewlett Packard Co.
Mr. Kevin Butt                       A  IBM Corp.
Mr. George O. Penokie                P  IBM Corp.
Mr. Sivan Tal                        V  IBM Corp.
Mr. Robert Sheffield                 P  Intel Corp.
Mr. Walt Hubis                       V  LSI Corp.
Mr. Frederick Knight                 A  Network Appliance
Mr. Matthew Ball                     V  Quantum Corp.
Mr. Jim Scott                        P  Vitesse Semiconductor
 
18 People Present
 
Status Key:  P    -  Principal
             A,A# -  Alternate
             AV   -  Advisory Member
             E    -  Emeritus
             L    -  Liaison
             V    -  Visitor

4. Command Set Topics

4.1 SCSI Primary Commands Proposals

4.1.1 SPC-4 CDB Encapsulation Alternatives (07-158r0) [Weber]

Ralph Weber presented a proposal that showed alternatives to the CDB Encapsulation described in 07-029r1 (07-158r0). The group recommended adopting the suggestions in 07-158r0 with the following alterations: do not describe how encryption is done at all (leave that to a future proposal by someone who wants to encrypt CDBs), add three reserved bytes following the 7Eh operation code so that the original CDB operation code is 4-byte aligned, and provide a description of how to add and remove encapsulations (possibly as an informative annex).

Ralph agreed to revise 07-029r1 based on the group's discussion of this topic, and asked that 07-158r0 be removed from future agendas.

5. Security

5.1 SPC-4: Establishing a Security Association using IKEv2 (06-449r3) [Ball & Black]

David Black and Matt Ball presented a proposal to define an IKEv2-based method for establishing a Security Association (06-449r3). The group requested several enhancements such as clarifications of error handling issues and adding a simplified diagram showing the IKEv2 aspects of the protocol with the SCSI commands factored out.

David and Matt agreed to prepare a new revision for consideration at the next meeting.

5.2 Capability based Command Security (07-069r3) [Penokie]

George Penokie and Sivan Tal presented a proposal to secure SCSI commands with a capability-based encapsulation modelled on the OSD security mechanism (07-069r3). The group quickly determined that there is no one-to-one mapping between I_T nexus identifiers and Security Tokens. The group worked to construct a broadly agreeable definition of Security Token. A few other improvements were recommended.

George agreed to prepare a new revision for consideration at the next meeting.

5.3 Command Security via SAs (07-149r0) [Weber]

Ralph Weber presented some ideas for using TBD SA Usage Data to provide command security (possibly linked to the application sending the commands) with SA Authentication (07-149r0). The group found several problems in the proposal including: the omission of provisions for device servers to be preconfigured for certain authenticated entities, overly broad assumptions about how OS driver stacks operate, and poorly thought-out integration with the CbCS concepts from 07-069r3.

Ralph agreed to revise the proposal and present it again at the May CAP meeting.

5.4 ESP-SCSI for Parameter Data (07-169r0) [Weber]

Matt Ball led the group in a review of Quantum's issues with Ralph Weber's initial ESP-SCSI definition (07-169r0). Due to a lack of sufficient time, several issues in Matt's marked-up PDF could not be addressed. Ralph agreed to review all the issues in Matt's PDF, integrate the changes recommended by the group (particularly the changes related to Sequence Number requirements), and prepare a new revision for consideration at the next meeting.

5.5 SPC-4 request for security protocol (07-184r0) [Ballard]

In the absence of Curtis Ballard, discussion of this topic was deferred to the May CAP meeting.

6. Old Business

There was no old business.

7. New Business

There was no old business.

8. Review of Recommendations to the Plenary

Ralph Weber noted that no recommendations have been made to the T10 plenary.

9. Meeting Schedule

The next meeting of the SCSI Commands, Architecture, and Protocols Working Group will be Wednesday, May 9, 2007 from 9 a.m. until 7 p.m. and resuming Thursday, May 10, 2007 from 9 a.m. until noon. The meeting will be in Bellevue, WA at the Hyatt Regency Hotel (425-462-1234) hosted by Microsoft Corp.

10. Adjournment

The meeting was adjourned at 6:25 p.m. on Tuesday, April 17, 2007.

 


*Operating under the procedures of The American National Standards Institute. INCITS Secretariat, Information Technology Industry Council (ITI) 1250 Eye Street NW, Suite 200, Washington, DC 20005-3922 Email: incits@itic.org Telephone: 202-737-8888 FAX: 202-638-4922