Return-Path: X-Sieve: cmu-sieve 2.0 Return-Path: Received: (from majordom@localhost) by ece.cmu.edu (8.11.0/8.10.2) id h07M7nr25089 for ips-outgoing; Tue, 7 Jan 2003 17:07:49 -0500 (EST) X-Authentication-Warning: ece.cmu.edu: majordom set sender to owner-ips@ece.cmu.edu using -f Received: from maho3msx2.corp.emc.com (maho3msx2.corp.emc.com [128.221.11.32]) by ece.cmu.edu (8.11.0/8.10.2) with ESMTP id h07M7kW25085 for ; Tue, 7 Jan 2003 17:07:46 -0500 (EST) Received: by maho3msx2.corp.emc.com with Internet Mail Service (5.5.2653.19) id ; Tue, 7 Jan 2003 17:07:12 -0500 Message-ID: <277DD60FB639D511AC0400B0D068B71E0564C6EF@corpmx14.us.dg.com> From: Black_David@emc.com To: ips@ece.cmu.edu Cc: Black_David@emc.com Subject: iSCSI boot draft revision for IESG Date: Tue, 7 Jan 2003 17:06:30 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ips@ece.cmu.edu Precedence: bulk In the IESG review of the iSCSI boot draft that can be found at: https://www1.ietf.org/IESG/EVALUATIONS/draft-ietf-ips-iscsi.bal there are a long set of comments from Randy Bush (actually forwarded from the operations area directorate) on the boot draft that are mistakenly recorded under the main iSCSI draft. The summary at the top of those comments is: Boot security has traditionally been a problematic area, so an alternative secure boot mechanism is very welcome. iSCSI boot has substantial potential, and some of the products coming on the market have impressive security features (such as IKE/IPsec support on the HBA), so that I'd expect a draft on isCSI Boot to demonstrate particular attention to security issues. This document falls short in this regard, though it can be easily fixed with a little work. I believe the summary is basically correct, in that the boot draft was developed to describe the functional aspects of booting and did not put much emphasis on security issues. I think there's enough information in those comments for the authors to prepare a revised version of the draft, but I want that draft reviewed here on the IPS WG list primarily to make sure that the WG is satisfied with the balance that will need to be struck in the revised draft between strength of security for boot and the resulting implementation implications (size, complexity, new ways for it to fail) for BIOS code and the like. There are also a couple of suggestions for additional informational references towards the bottom of the above review. The authors should prepare a revised draft and submit it in the near future - we'll run a short review focused on the security aspects of the draft on this list. Thanks, --David ---------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 176 South St., Hopkinton, MA 01748 +1 (508) 293-7953 **NEW** FAX: +1 (508) 293-7786 black_david@emc.com Mobile: +1 (978) 394-7754 ----------------------------------------------------