As a co-chair of the storm WG, I'm looking for some input on updating the IPsec requirements for iSCSI, which is the subject of a WG Last Call comment against the new iSCSI draft.

The history here is that as part of the original work for iSCSI (and some additional storage protocols), a profile of the then-current version of IPsec (2400-series RFCs) was produced (RFC 3723), and iSCSI (RFC 3720) has "MUST implement" requirements for that version of IPsec. By the time iSCSI was completed, the next version of IPsec (4300-series RFCs) was imminent, but a deliberate decision was made to have both RFC 3720 and 3723 continue to refer to the older version of IPsec. A primary reason at the time was that iSCSI and IPsec implementations are generally independent, and the most likely implementation path for iSCSI involved existing older IPsec implementations.

That was back in 2004, and the IPsec world has moved on since then. The issue has been raised that it may not be appropriate for the new iSCSI RFC-to-be to continue to require implementation of RFC 2400-series IPsec.

The new iSCSI draft is fully backwards compatible with the existing iSCSI RFCs (in contrast to IPsec, where the versions of IKE deliberately don't interoperate), so jumping straight to 4300-series IPsec does not seem like a good move unless 2400-series IPsec is extinct for all practical purposes.

Assuming 2400-series IPsec is not extinct, the appropriate requirements may be of roughly the following form (this is a template, see RFC 3720 or 3723 for the specific requirements to which this structure is to be applied):

- MUST implement IPsec, 2400-series RFCs or 4300-series RFCs.
- SHOULD implement IPsec, 4300-series RFCs.
- I'm not inclined to also say: SHOULD NOT implement 2400-series IPsec.

OTOH, if 2400-series IPsec is extinct for all practical purposes, that all reduces to

- MUST implement IPsec, 4300-series.

I'm interested in comments on what the right thing to do is here and why.

Thanks,
--David
----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA 01748
+1 (508) 293-7953 FAX: +1 (508) 293-7786
david.bl...@emc.com Mobile: +1 (978) 394-7754
----------------------------------------------------