Constraints on SPC-4 SA creation based on Usage Type

Ralph Weber roweber at IEEE.org
Sat Mar 8 16:25:21 PST 2008


Formatted message: <A HREF="r0803080_f.htm">HTML-formatted message</A>

> -------- Original Message --------
> Subject:	Comments on: CbCS 'correction' proposals
> Date: 	Thu, 6 Mar 2008 17:25:53 -0500
> From: 	Sivan Tal <SIVANT at il.ibm.com>
> To:	Ralph Weber <roweber at ieee.org>
> CC:	owner-t10 at t10.org, "'t10 at t10.org'" <t10 at t10.org>, Kevin D Butt 
> <kdbutt at us.ibm.com>, "David Black" <Black_David at emc.com>
>
>
> * From the T10 Reflector (t10 at t10.org), posted by:
> * Sivan Tal <SIVANT at il.ibm.com>
> *
> <snip>
>
> Comment 1:
> Thanks for correcting the SA usage. However, one of the "features" didn't
> make it to the correct usage. That is the requirement that the creation of
> the SA had included an authentication step.
> Now, since the minimum SA parameters do not include the information
> required to determine whether the authentication step had been skipped or
> not, this involves maintaining additional info that is not specified in the
> standard. While this can still be done, I suspect a better way to require
> authentication is to make a change to the IKEv2-SCSI part as follows:
> If the selected USAGE_TYPE SA parameter is "CbCS authentication and
> credential encryption" then the authentication step must not be skipped (in
> other words, SA_AUTH_NONE must not be selected).
>
> <gigantic snip>
>   
Hopefully, the following new proposal addresses this issue.
http://www.t10.org/ftp/t10/document.08/08-138r0.pdf
However, I have not had time to confirm the suitability of the
proposal with the SA creation gurus (i.e., things may get a
little dicey when CAP reviews the plan).
All the best,
.Ralph



More information about the T10 mailing list