Comments on 05-446r9
Kevin D Butt
kdbutt at us.ibm.com
Tue Mar 21 15:01:04 PST 2006
Paul and all,
I have some comments on 05-446r9.
1) Section 188.8.131.52, pg 6, last sentence of 2nd to last paragraph, "The
device server shall establish the logical position at the BOP side the
encrypted block." should be "The device server shall establish the logical
position after the failed encrypted block." This will make the behavior
consistent with reading a corrupted block.
2) Section 184.108.40.206, pg 8. All the statements about establishing a UA for
all other I_T Nexus that are affected by....
If this is the behavior that we take, then this will severely inhibit
being able to use a third party device - like a Decru EKM transparent to
the application. The UA's will cause the applications, or host on which
the applications reside, to handle these UA's that it knows nothing about.
I think the UA's should be restricted to those I_T Nexus over which a
Security Protocol Out/In command has been received and not to anybody
else. This will allow using an External EKM transparent to applications.
3) Section 220.127.116.11, pg 8, second list. Should a "Prohibit Encryption" be
4) Section 18.104.22.168, pg 9. Please add "CKORSC" to list.
5) Section 22.214.171.124, pg 9. Item c) of list - key scope. I was confused
here and it took me some time to realize that "key scope" is referring to
a value in Table Y2 for the "scope" field of the set data encryption page.
Please add a definition and/or cross reference for this term.
6) The following changes are desired by IBM. We do not want to prohibit
any out-of-band methods from being used.
Section 126.96.36.199, pg 19, last paragraph. Remove the text "by processing a
Set Data Encryption page."
Section 188.8.131.52, pg 20, first three paragraphs, change the text
"in the Set Data Encryption page that established the key in the
"when the key was established in the device server."
1) Section 184.108.40.206, pg 8, sentence leading into second list, "The set of
possible data encryption scope values for an I_T nexus is limited to:"
please remove "limited to". "limited to" might lead a reader to infer
intent that is not intended.
2) Section 220.127.116.11, pg 11 end of 1st paragraph. Should
"non-authenticated" be changed to "unauthenticated"?
3) Section 18.104.22.168, pg 19. Second to last sentence on the page: "...,
they shall be order of increasing..." missing the word "in".
3) Section 22.214.171.124, pg 23, second sentence in first paragraph. I think
"requested" should be changed to "sent".
4) Last paragraph of pg 26: "If the device server does is not...." delete
5) Page 28, last paragraph before section 8.5.4. Missing D: "INCOMPLETE
KEY - ASSOCIATE DATA SET" s/b "INCOMPLETE KEY - ASSOCIATED DATA SET"
6) Section 126.96.36.199, pg 28, first sentence: "Several of the parameter pages
in used" delete the "in"
Kevin D. Butt
SCSI & Fibre Channel Architect, Tape Firmware
MS 6TYA, 9000 S. Rita Rd., Tucson, AZ 85744
Tel: 520-799-2869 / 520-799-5280
Fax: 520-799-2723 (T/L:321)
Email address: kdbutt at us.ibm.com