Date: Sat, 08 Mar 2008 18:25:21 -0600
From: Ralph Weber <roweber@IEEE.org>
To: "'t10@t10.org'" <t10@t10.org>
Subject: Constraints on SPC-4 SA creation based on Usage Type
X-Message-Number: 8591

> -------- Original Message --------
> Subject: Comments on: CbCS 'correction' proposals
> Date: Thu, 6 Mar 2008 17:25:53 -0500
> From: Sivan Tal <SIVANT@il.ibm.com>
> To: Ralph Weber <roweber@ieee.org>
> CC: owner-t10@t10.org, "'t10@t10.org'" <t10@t10.org>, Kevin D Butt
> <kdbutt@us.ibm.com>, "David Black" <Black_David@emc.com>
>
>
> * From the T10 Reflector (t10@t10.org), posted by:
> * Sivan Tal <SIVANT@il.ibm.com>
> *
> <snip>
>
> Comment 1:
> Thanks for correcting the SA usage. However, one of the "features" didn't
> make it to the correct usage. That is the requirement that the creation of
> the SA had included an authentication step.
> Now, since the minimum SA parameters do not include the information
> required to determine whether the authentication step had been skipped or
> not, this involves maintaining additional info that is not specified in the
> standard. While this can still be done, I suspect a better way to require
> authentication is to make a change to the IKEv2-SCSI part as follows:
> If the selected USAGE_TYPE SA parameter is "CbCS authentication and
> credential encryption" then the authentication step must not be skipped (in
> other words, SA_AUTH_NONE must not be selected).
>
> <gigantic snip>
>

Hopefully, the following new proposal addresses this issue.

http://www.t10.org/ftp/t10/document.08/08-138r0.pdf

However, I have not had time to confirm the suitability
of the proposal with the SA creation gurus (i.e., things
may get a little dicey when CAP reviews the plan).

All the best,

.Ralph