07-437r0 -- IKEv2-SCSI SA creation

Ralph Weber roweber at IEEE.org
Mon Oct 1 21:12:11 PDT 2007

* From the T10 Reflector (t10 at t10.org), posted by:
* Ralph Weber <roweber at ieee.org>
The latest revision of the IKEv2-SCSI SA creation proposal
is available as:
This revision contains all the changes agreed to by the
September CAP working group.
The accept/use bits were removed. Their purpose was to
allow different authentication methods to be applied
in the OUT versus the IN parameter data. This choice
was kicked up one level by creating SA_AUTH_OUT and
SA_AUTH_IN cryptographic algorithm descriptors. I believe
the change makes the process more obvious and more natural
to SCSI. The catch is that SA_AUTH_NONE must be presented/
agreed in both directions simultaneously. This generated
much more requirements text in the model clause than had
existed previously. At the other end of the process, it
simplified the definition of the Authentication payload
substantially. In all likelihood, the changes are a net
win for device servers.
The next payload tables were reviewed and revised slightly
differently than the group agreed.
Color-coded bookmarks will aid reviewers in locating the
following two changes:
 > The 128/256 bit strength choice, and
 > The SA_AUTH_OUT/SA_AUTH_IN chicanery.
Happy reviewing.
07-437r0 is very close to being ready for approval in
November. Those who care should study it carefully
before then.
All the best,
* For T10 Reflector information, send a message with
* 'info t10' (no quotes) in the message body to majordomo at t10.org

More information about the T10 mailing list