Subject:	Comments on: CbCS 'correction' proposals
Date:	Thu, 6 Mar 2008 17:25:53 -0500
From:	Sivan Tal <SIVANT@il.ibm.com>
To:	Ralph Weber <roweber@ieee.org>
CC:	owner-t10@t10.org, "'t10@t10.org'" <t10@t10.org>, Kevin D Butt <kdbutt@us.ibm.com>, "David Black" <Black_David@emc.com>

-------- Original Message -------- Subject: Comments on: CbCS 'correction' proposals Date: Thu, 6 Mar 2008 17:25:53 -0500 From: Sivan Tal <SIVANT@il.ibm.com> To: Ralph Weber <roweber@ieee.org> CC: owner-t10@t10.org, "'t10@t10.org'" <t10@t10.org>, Kevin D Butt <kdbutt@us.ibm.com>, "David Black" <Black_David@emc.com> * From the T10 Reflector (t10@t10.org), posted by: * Sivan Tal <SIVANT@il.ibm.com> * <snip> Comment 1: Thanks for correcting the SA usage. However, one of the "features" didn't make it to the correct usage. That is the requirement that the creation of the SA had included an authentication step. Now, since the minimum SA parameters do not include the information required to determine whether the authentication step had been skipped or not, this involves maintaining additional info that is not specified in the standard. While this can still be done, I suspect a better way to require authentication is to make a change to the IKEv2-SCSI part as follows: If the selected USAGE_TYPE SA parameter is "CbCS authentication and credential encryption" then the authentication step must not be skipped (in other words, SA_AUTH_NONE must not be selected). <gigantic snip> Hopefully, the following new proposal addresses this issue. http://www.t10.org/ftp/t10/document.08/08-138r0.pdfHowever, I have not had time to confirm the suitability of the proposal with the SA creation gurus (i.e., things may get a little dicey when CAP reviews the plan).All the best, .Ralph