[secdir] Secdir Review of draft-ietf-storm-iscsi-sam-06
Alexey Melnikov <alexey.melnikov@isode.com> Wed, 25 July 2012 14:22 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61F7B21F84DA; Wed, 25 Jul 2012 07:22:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.926
X-Spam-Level:
X-Spam-Status: No, score=-102.926 tagged_above=-999 required=5 tests=[AWL=-0.327, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4iJhhSWbmXS9; Wed, 25 Jul 2012 07:22:30 -0700 (PDT)
Received: from waldorf.isode.com (cl-125.lon-03.gb.sixxs.net [IPv6:2a00:14f0:e000:7c::2]) by ietfa.amsl.com (Postfix) with ESMTP id 2999921F84D6; Wed, 25 Jul 2012 07:22:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1343226204; d=isode.com; s=selector; i=@isode.com; bh=gKbBx17M9WLjltmsQ0uanSZU8cb7IerdOdkuBTa7HN4=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=kpcsa8befJMASsNgB0TrDug90ENoOK09tIjgieW/TJDfMzrW7/0C1+IqhsJk8/Yed6Ooii 6YJj+ka9TfaCsaZ+W8oRo9GirZ3jt5QhZHPpboGmmacdNfyygn2Al6SMWlvH52Mg4wYiCr yM/Hl9rJDSUrqx0OzrQeqzFSWqfypwM=;
Received: from [172.16.1.29] (shiny.isode.com [62.3.217.250]) by waldorf.isode.com (submission channel) via TCP with ESMTPSA id <UBABXAAkREIl@waldorf.isode.com>; Wed, 25 Jul 2012 15:23:24 +0100
X-SMTP-Protocol-Errors: PIPELINING
Message-ID: <50100124.4040403@isode.com>
Date: Wed, 25 Jul 2012 15:22:28 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-storm-iscsi-sam.all@tools.ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [secdir] Secdir Review of draft-ietf-storm-iscsi-sam-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jul 2012 14:22:31 -0000
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.
The iSCSI protocol as specified in [draft-ietf-storm-iscsi-cons-xx] (and
as previously specified by the combination of RFC 3720 and RFC 5048) is
based on the SAM-2 (SCSI Architecture Model - 2) version of the SCSI
family of protocols. This document defines enhancements to the iSCSI
protocol to support certain additional features of the SCSI protocol
that were defined in SAM-3, SAM-4, and SAM-5. In particular the document
adds:
1) Command Priority field
2) Several new commands:
9 - QUERY TASK - determines if the command identified by the
Referenced Task Tag field is present in the task set.
10 - QUERY TASK SET - determine if any command is present in
the task set for the I_T_L Nexus on which the task management
function was received.
11 - I_T NEXUS RESET - perform an I_T nexus loss function (see
[SAM5]) for the I_T nexus on which the task management
function was received.
12 - QUERY ASYNCHRONOUS EVENT - determine if there is a unit
attention condition or a deferred error pending for the I_T_L
nexus on which the task management function was received.
And a new response code that they use.
The document sends readers to review Security Considerations from RFC
3720. This is probably appropriate, as extensions added by this document
are minor and don't seem to change iSCSI model much. One thing that
might be missing is some text about abuse of the priority field to
perform Denial-of-service or to gain better service.
Other comments on the document (consider them minor, but I think editors
should think about these):
The document can't decide which RFC for iSCSI it is referencing... Which
one should be used in the new IANA registries created?
Repeating the list of Task Management Functions defined in another
document is not a good idea. What if another extension adds additional
functions?
- [secdir] Secdir Review of draft-ietf-storm-iscsi-… Alexey Melnikov
- Re: [secdir] Secdir Review of draft-ietf-storm-is… david.black