Comments on 05-446r9

Kevin D Butt kdbutt at us.ibm.com
Tue Mar 21 15:01:04 PST 2006



Paul and all,
I have some comments on 05-446r9
TECHNICAL:
1) Section 4.2.9.13, pg 6, last sentence of 2nd to last paragraph, "The 
device server shall establish the logical position at the BOP side the 
encrypted block." should be "The device server shall establish the logical 
position after the failed encrypted block."  This will make the behavior 
consistent with reading a corrupted block.
2) Section 4.2.19.5, pg 8.  All the statements about establishing a UA for 
all other I_T Nexus that are affected by....
If this is the behavior that we take, then this will severely inhibit 
being able to use a third party device - like a Decru EKM transparent to 
the application.  The UA's will cause the applications or host on which 
the applications reside, to handle these UA's that it knows nothing about.
I think the UA's should be restricted to those I_T Nexus over which a 
Security Protocol Out/In command has been received and not to anybody 
else.  This will allow using an External EKM transparent to applications.
3) Section 4.2.19.6, pg 8, second list. Should a "Prohibit Encryption" be 
added?
4) Section 4.2.19.7, pg 9.  Please add "CKORSC" to list.
5) Section 4.2.19.7, pg 9.  Item c) of list - key scope.  I was confused 
here and it took me some time to realize that "key scope" is referring to 
a value in Table Y2 for the "scope" field of the set data encryption page. 
 Please add a definition and/or cross reference for this term.
6) The following changes are desired by IBM.  We do not want to prohibit 
any out-of-band methods from being used.
Section 8.5.2.7, pg 19, last paragraph.  Remove the text "by processing a 
Set Data Encryption page."
Section 8.5.2.7, pg 20, first three paragraphs, change the text 
     "in the Set Data Encryption page that established the key in the 
device server."
to
     "when the key was established in the device server."
EDITORIAL:
1) Section 4.2.19.6, pg 8, sentence leading into second list, "The set of 
possible data encryption scope values for an I_T nexus is limited to:" 
please remove "limited to".  "limited to" might lead a reader to infer 
intent that is not intended.
2) Section 4.2.19.11, pg 11 end of 1st paragraph.  Should 
"non-authenticated" be changed to "unauthenticated"?
3) Section 8.5.2.7, pg 19.  Second to last sentence on the page: "..., 
they shall be order of increasing..."  missing the word "in".
3) Section 8.5.3.1, pg 23, second sentence in first paragraph.  I think 
"requested" should be changed to "sent".
4) Last paragraph of pg 26: "If the device server does is not...."  delete 
"does".
5) Page 28, last paragraph before section 8.5.4.  Missing D: "INCOMPLETE 
KEY - ASSOCIATE DATA SET" s/b  "INCOMPLETE KEY - ASSOCIATED DATA SET"
6) Section 8.5.4.1, pg 28, first sentence: "Several of the parameter pages 
in used" delete the "in"
Thanks,
Kevin D. Butt
SCSI & Fibre Channel Architect, Tape Firmware
MS 6TYA, 9000 S. Rita Rd., Tucson, AZ 85744
Tel: 520-799-2869 / 520-799-5280
Fax: 520-799-2723 (T/L:321)
Email address: kdbutt at us.ibm.com