Subject: Re: NetBSD iSCSI HOWTOs
To: None <current-users@netbsd.org>
From: Jochen Kunz <jkunz@unixag-kl.fh-kl.de>
List: current-users
Date: 03/01/2006 10:50:46
On Tue, 28 Feb 2006 07:58:21 -0500
Thor Lancelot Simon <tls@rek.tjls.com> wrote:

> The profusion of application-layer encryption and authentication
> solutions needs to stop.  Really, it needed to stop some time ago.
> When everyone designs his own cryptographic protocol "to meet the
> needs of his application" all you really get are dozens of similar
> protocols each with its own design flaws and implementation bugs.  I'm
> sure there are ways in which the design of iSCSI could have paid more
> attention to security but I for one am quite glad that it does not
> include yet another hand-rolled cryptographic protocol. :-/
I don't know if this can work together with iSCSI, but why not iSCSI
with SSL/TLS transport? SSL/TLS is widely used and not just another
"own cryptographic protocol". It can be made optional for environments
where security is provided by other means. If strong authentication and
encryption are needed on the transport layer, SSL/TLS looks like a
reasonable way.
-- 


tschüß,
       Jochen

Homepage: http://www.unixag-kl.fh-kl.de/~jkunz/